back to article Panic of Panama Papers-style revelations follows Bermuda law firm hack

A major offshore law firm admitted it had been hacked on Tuesday, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich. Jersey-based Appleby only admitted it had suffered the breach – which actually happened last year – after a group of journos from the International Consortium of …

  1. Lee D

    Though I cannot ever condone hacking, or even journalistic release of such material unless it's literally directly damning in a criminal sense...

    If the truth of what you do is politically embarrassing to you, maybe you shouldn't be doing that?

    1. Naselus

      But then we'd have to pay taxes!

    2. Pen-y-gors Silver badge

      As our leaders so often tell us...

      If you've done nothing wrong you have nothing to hide.

      Obviously a load of cobblers, but sauce/goose/gander etc.

    3. Voland's right hand Silver badge

      If the truth of what you do is politically embarrassing to you, maybe you shouldn't be doing that?

      If memory serves me right, Animal Farm is still part of the GCSE syllabus.

  2. Stork Silver badge

    Confidential information in unencrypted emails - i.e. all the privacy of postcards.

    1. Anonymous Coward
      Anonymous Coward

      Eh, not really. Not if they're sent over TLS (as almost all are) and/or they're sent internally (as most of the MosFon emails were). Encrypting the emails themselves properly is a surprising amount of work that very few organisations actually do.

      1. Lee D

        Pfft.

        There is no transport security in SMTP whether or not you use TLS.

        Internal emails, possibly, but that's about it.

        The reason? Any mail server en-route can read the email and forward it on to any other mail server unencrypted without you ever becoming aware of it. The chances of a customer of this place sending potentially embarrassing email to this place without - at some point - there being a non-TLS SMTP connection involved is very high. But the fact is, you can never know because you will never find out.

        That's not counting anything they email internally via their personal accounts "because the attachment is blocked" or "I have no VPN access here" or whatever.

        SMTP is security-less, to all intents and purposes. Even things like SPF etc. don't work to guarantee that the mail SERVER you are sending TO is legitimate. It only ever works the other way around (i.e. that that mail from fredbloggs.com did come from a fredbloggs.com-authorised server). And even THAT is dependent on unencrypted basic DNS being authoritative.

        Please stop spouting nonsense. You either encrypt the whole message with something and that lets the transport metadata completely open, or nothing. The TLS around SMTP is entirely optional, strippable, unverifiable and useless. It's to protect your SMTP password details, not your email.

        1. Anonymous Coward
          Anonymous Coward

          "There is no transport security in SMTP whether or not you use TLS."

          There is if you use Exchange of Office365. You can require certificate and domain validation. i.e. the TLS certificate has to be trusted and match the remote host domain name.

          1. Voland's right hand Silver badge

            There is if you use Exchange of Office365.

            Same for most MTAs. However, for a long list of reasons most production mail installations are configured to accept self-signed certificates and most have no support for certificate caching. This should have gone away with DANE, but that has not quite happened.

  3. This post has been deleted by its author

  4. Anonymous Coward
    Meh

    Few people will get upset...

    ...lose a few quid, move a few quid, make a few quid.

    Little will change.

    1. phuzz Silver badge

      Re: Few people will get upset...

      Little changed last time for the rich, but a journalist was killed recently for digging into the Panama papers, so perhaps we should hope for even less to change?

  5. Anonymous Coward
    Anonymous Coward

    If I was a betting man I would say that they'll find some of Trumps money there so he can brand it as fake news.

    What a corrupt little planet we all live on.

    1. Naselus

      Doubt it, since Trump doesn't actually have any money. Like everyone else in real estate, he generally uses other people's, since his own assets are decidedly less liquid.

  6. John Stirling

    There is a big difference between 'illegal' and 'subject to challenge'

    Rich folk often do things which their lawyers tell them are legal, but not to tell HMRC (for UK residents) as HMRC may take a different view.

    Make no mistake this will result in a flurry of activity unless the breach is seriously limited.

    Whilst I'm not sure I'd set the bar at 'politically embarrassing' as Lee D does, there is a good point that if you're not prepared to justify your behaviour to the relevant authority (which may be the court of public opinion) think hard before acting, as we now live in a world where if you're high profile it's probably going to be public knowledge eventually.

    This and other leaks like it may change the 'rich and powerful' to become slightly less psychopathic, which will be no bad thing.

    1. John Brown (no body) Silver badge

      Re: There is a big difference between 'illegal' and 'subject to challenge'

      "(which may be the court of public opinion) "

      Like Kimmy Carr being booked to host Have I Got News For You at an embarrassingly awkward moment in his life. He certainly had some news for us on that show :-)

  7. Zog_but_not_the_first
    Trollface

    Gotta admit...

    It's tiny violin time.

  8. chivo243 Silver badge

    we have reviewed our cyber security and data access arrangements

    ...with Drupal and Wordpress ? E-mazing!

    1. Spudley

      Re: we have reviewed our cyber security and data access arrangements

      ...with Drupal and Wordpress ? E-mazing!

      Drupal is generally pretty secure, but anyone using Wordpress gets zero sympathy from me if they get hacked. It's a diabolically awful platform.

      Of course in either case, as with any software you happen to be using, you've got to apply the patches.

      If you fail to patch or use unsupported versions, then you are leaving yourself wide open to mischief, no matter what the software is.

      1. Aodhhan

        Re: we have reviewed our cyber security and data access arrangements

        You said, "Drupal is pretty secure"... are you kidding us?

        1. WolfFan Silver badge

          Re: we have reviewed our cyber security and data access arrangements

          Compared to WordPress, yes, they are relatively secure. WordPress has all the security of FTP. Maybe less.

        2. beep54
          Joke

          Re: we have reviewed our cyber security and data access arrangements

          "You said, "Drupal is pretty secure"... are you kidding us?"

          Perhaps RuPaul was meant instead

    2. elDog

      Re: we have reviewed our cyber security and data access arrangements

      Please let us poor peasants know what framework is without fault?

      Would I trust one that had large exposure more than your script-kiddie one? Probably.

      I started coding CGI in perl back in the 1950s (kidding, 1990s). There is nothing worse than home-grown or something that is using undocumented/unverifiable plug-ins.

      Anyone know a full-on framework that accepts a ton of plug-ins, is secure, is not based on MS, is not PHP, is provably secure? Please?

  9. Anonymous Coward
    Anonymous Coward

    admitting that it was “not infallible”

    oh dear, if the law firm says they're "not infallible", they must have been involved in something rather naughty....

  10. Nolveys
    Childcatcher

    Taxes are for little people...

    ...they exist to pay the gambling debts of your betters. It would defeat the purpose if the rich and powerful had to pay them.

    Now, who would like to purchase some extremely high quality mortgage backed securities? Oops, they seem to have turned into dog shit. Luckily your government will be more than happy to purchase them.

    Pardon me, I'm going to take my helicopter to my boat (which has a helicopter pad). Both the helicopter and the boat were purchased with your pension money. But don't worry, I'm sure the millennials will pay your pension when it's time to collect it. Surely they will be done working through their 6-figure college debt by serving coffee by the time you are due to retire.

    1. ukaudiophile

      Re: Taxes are for little people...

      "But don't worry, I'm sure the millennials will pay your pension when it's time to collect it. Surely they will be done working through their 6-figure college debt by serving coffee by the time you are due to retire."

      Amusing Nolveys, you seem to assume the Millenials will actually work in a coffee shop. I'd doubt it, they'll probably be protesting that, because they have a media studies qualification, they're entitled to expect anyone with a pension to pay it all out in taxes and grants so they don't have to sully themselves with little issues such as 'earning a living' and 'capitalism' and instead spend their time debating the 'Sociological relevance of Hollyoaks episode 14,000'.

  11. Primus Secundus Tertius

    Appleby advice

    It looks as though Appleby need some advice from Sir Humphrey.

  12. Alistair
    Windows

    wait --

    Appleby's leaked horrendous recipes?

    Nope, different Appleby. Whew! would want that crap food getting into the mainstream.

    /humour

    That said - a Law Firm leaking -- notably a law firm that refers to its customers as "High net worth individuals", effectively hot on the heels of MosFon's leak, tells me that there is somewhere in this cistern of corruption we call the world some few individuals who are serious about chlorinating the cistern. Am I going to laud them for dumping this stuff in the open? Perhaps not, it may run over some folks that don't truly deserve to have their laundry waved about in the open, but I'm *fairly* sure that the intent is to get the dirty laundry of those who use their position to take advantage of the rest of the population in less than fair methods out into the open so that those methods can be removed. Will that happen? who the hell knows, I can hope the changes come, but I doubt it. I'm sure there are still quite a few large pools of financial wealth that will be stolen from the general populace by the 3 card monte global stage acts.

    <sorry - my cynicism is showing in force today. Mostly due to having to do things that were outsourced to another entity ages ago myself to close projects.>

  13. DCFusor
    WTF?

    Hope for a better outcome than this:

    https://www.theguardian.com/world/2017/oct/16/malta-car-bomb-kills-panama-papers-journalist

    That's kinda hard to spin as a suicide, no? Someone had enough money and power to be pretty brazen about "whatever it takes" on the last one.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hope for a better outcome than this:

      Probably less a question of being brazen, and more a determination to make a very public point about the consequences of disturbing their illicit wealth and power accumulation processes in the future.

  14. Doctor Syntax Silver badge

    "News of the breach of Appleby follows nearly 18 months after the release of the so-called Panama papers"

    So they had an opportunity to look and learn but didn't.

    Experience is a dear teacher but there are those who will learn by no other.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022