 "How the Panama Papers got leaked to the ICIJ")
The massive data leak from a Panama-based law firm, now known across the world as the "Panama Papers", has put many world leaders, politicians, celebrities and sport-stars under the spotlight.
The leaked files from the Panamanian firm Mossack Fonseca has revealed that it hid billions of dollars in assets for its clients. The files, comprising over 11 million documents from the firm totalling close to 2.6 TB of data, have revealed names which have shocked many.
The International Consortium of Investigative Journalists (ICIJ) and 100 other media partners conducted an investigation into the files and unearthed information on more than 214,000 offshore companies connected to people in more than 200 countries and territories. The information might throw light on a widespread system of global tax evasion.
This is how ICIJ came to be in possession of the Panama Papers:
According to WIRED website, ICIJ director Gerard Ryle said that the leak began in late 2014, "when an unknown source reached out to the German newspaper Suddeutsche Zeitung, which had reported previously on a smaller leak of Mossack Fonseca files to German government regulators".
Ryle revealed that Bastian Obermayer, a Suddeutsche Zeitung reporter, said that the source had contacted him via encrypted chat, offering data intended “to make these crimes public.”
Upon being contacted by the source, Obermayer asked, “How much data are we talking about?”
More From This Section
Obermayer told WIRED the source's response: “More than you have ever seen.”
Additionally, according to the report, Ryle said that the source had warned Obermayer that his or her “life is in danger”.
Obermayer said that he communicated with his source over a series of encrypted channels that they frequently changed. They took the precaution of deleting all history from their prior exchange each time.
Without revealing the exact channels used for communicating with the source, Obermayer, according to the report, alluded to crypto apps like Signal and Threema, as well as PGP-encrypted email.
Obermayer revealed that each time the reporter and the source re-established a connection, "they would use a known question and answer to reauthenticate each other".
“I’d say ‘is it sunny?’ You’d say ‘the moon is raining’ or whatever nonsense, and then both of us can verify it’s still the other person on the device,” Obermayer told WIRED.
“I’d say ‘is it sunny?’ You’d say ‘the moon is raining’ or whatever nonsense, and then both of us can verify it’s still the other person on the device,” Obermayer told WIRED.
As the source provided the files, Suddeutsche Zeitung contacted the ICIJ.
The WIRED report says that the ICIJ’s developers built a "two-factor-authentication-protected search engine" for the leaked files, the URL for which they shared "via encrypted email with scores of news outlets including the BBC, The Guardian, Fusion, and dozens of foreign-language media outlets".
Given the sheer size of the leak and the terabytes of data involved, it is unlikely that it could all be shared over email. However, Obermayer, according to the report, refused to divulge how the source was able to pass on all that information.