A huge leak of confidential documents has revealed how the rich and powerful use tax havens to hide their wealth. Eleven million documents were leaked from one of the world's most secretive companies, Panamanian law firm Mossack Fonseca. They show how Mossack Fonseca has helped clients launder money, dodge sanctions and avoid tax.
http://www.bbc.co.uk/news/world-35918844
Brian Spector, CEO at MIRACL, says: “As far as hackers are concerned, any legal firm represents a treasure trove of personal and financial data – but this latest attack is an absolute goldmine. Protecting your clients’ data is a fundamental part of being a lawyer, so it’s difficult to see how this firm can recover from a hack of this magnitude.
Whilst it is too early for a more detailed analysis, the attack vectors commonly used to initialize attacks of this magnitude are to gain access by stealing employee credentials. The credentials are still all too often simply user name and password. Attackers know that when a password, irrelevant of how complex the password may be, is successfully stolen, the attacker can get access to internal systems and work their way to sensitive information - and steal it all.
The underlying issue is that the username and password system is old technology that is not up to the standard required to secure the deep information and private services that companies and individuals store and access online today. In order to retain their customers’ trust, online services need to remove the password from their systems altogether, and implement rigorous authentication technologies.”