Attacks/Breaches

11/6/2017
11:55 AM
50%
50%

External Attacker Leaked 'Paradise Papers,' Law Firm Reports

The Paradise Papers contain 13.4m documents allegedly hacked by an outsider, the targeted law firm reports.

The release of the Paradise Papers, a collection of 13.4 million documents, has revealed tax affairs of the ultra-wealthy, reports the BBC. Most of the papers came from offshore legal firm Appleby, which says the leak came from a hack on its network and no insiders were involved.

Similar to last year's Panama Papers leak, the documents were first procured by German publication Süddeutsche Zeitung, which worked with the International Consortium of Investigative Journalists (ICIJ).

Leaked financial documents surfaced information on how rich and famous people channel funds through offshore tax havens to protect their cash from tax officials. For example, papers indicate about $13M (USD) of the Queen's private funds were invested offshore. While not illegal, this might prompt questions about the Queen's finances.

It also came to light that Russia funded Facebook and Twitter investments through a business associate of Jared Kushner, President Trump's son-in-law and senior White House advisor. Papers indicate Commerce Secretary Wilbur Ross had a stake in a company which transports oil and gas for a Russian energy firm, whose shareholders include Vladimir Putin's son-in-law and two men sanctioned by the US.

While Appleby says it did not do anything wrong, the disclosure of such sensitive data could have tremendous repercussions for individuals affected.

Read more details here.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
11/7/2017 | 11:36:54 AM
So how was the hack done?
Was it an insider job?  A brute force attack?  A phishing expedition?  Wish this article would point out the weakness of the law firm.  This is more of a political article than a lessons learned one.
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14339
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVE-2018-14340
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14341
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14342
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-14343
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.