SQL injection vuln found at Panama Papers firm Mossack Fonseca

Grey hat hacker continues probing scandal-hit lawyers


Grey hat security researchers have discovered new flaws in the systems of Panama leak firm Mossack Fonseca.

A self-styled “underground researcher” claims to have found a SQL injection flaw on one of the corporate systems of the Panamanian lawyers.

“They updated the new payment CMS, but forgot to lock the directory /onion/,” he said via the “1x0123” Twitter profile.

Mossack Fonseca specialises in helping its clients to set up firms in tax havens such as the British Virgin Islands. The leak of its client information as part of the Panama Papers has created a huge political stink.

The lawyers informed clients in early April that the leak to journalists has been traced back to a hack on its email server, rather than a whistleblower. Its apparent failure to adequately lock down its systems is surprising in the circumstances.

“It looks like MF [Mossack Fonseca] had really very low security level, [such] that hackers continue to hack them for fun,” a security intelligence source who notified us of the claimed vulnerability told El Reg.

In between flagging up security issues with Mossack Fonseca, the same hacker has been busy over the last week attacking major media outlets, such as the LA Times and New York Times, and offering to sell access to insecure systems at NASA, among other hi-jinks.

The same hacker (1x0123) contacted Edward Snowden, notifying him of some bugs on one of his projects. Snowden acknowledged the bug report on the Freedom of the Press Foundation website on Sunday. ®
