Is your site safe? Lessons from the Panama Papers

Panama Papers Hack & Website Security: What every business owner needs to know.

Monitor your website's Back End

We know there are hackers working day and night trying to break into websites. But, we don’t really need to worry about them because they wouldn’t be interested in a businesses website, right? Wrong. This has never been more apparent than the example provided by the Panama Papers Hack.

Learn why network security experts think the Panama Papers hack could have been avoided by a simple CMS update; and the consequences of not regularly monitoring your website’s backend.

Brief on the Panama Papers

Mossack Fonseca is a law firm and corporate service provider from Panama with 40 offices around the world.. It became a household name globally due to the leak of the Panama Papers.

According to the 11.5 leaked confidential documents that make up the Panama Papers that were pulled from Mossack Fonseca’s website, suggests that it helped its clients avoid paying taxes through legal and illegal tax evasion, and has resulted in an “unprecedented inquiry into global tax evasion”.

Shockingly, Mossack Fonseca ran out-of-date installs of two CMS platforms, WordPress and Drupal. These platforms had not been updated for 3 years, and consequently were a ticking time bomb, in that being hacked was only a matter of time.

It’s speculated by WP Tavern and Forbes that the outdated WordPress plugin and Drupal install were critically vulnerable, and likely what allowed the hackers to breach the website’s security. It believed that an out of date Drupal install allowed the hacker to get access to documents and an old WordPress plugin that gave them access to emails.

Had Mossack Fonseca done something as simple as updating to their CMS platforms, the website would have been much more secure. The unidentified hacker(s) may not have been able to access the information so readily and it’s possible that the Panama Papers leak would never have happened.

The importance of regular monitoring and updates

Most people think that websites are set and forget. But they are not. Websites need to be marketed for a start- this is done through SEO, content marketing and other digital strategies to keep traffic to your website growing.. Equally important, websites that need to be updated to fix bugs, close vulnerabilities and update plugins. Plugins are beneficial for a whole range of reasons, they allow for the integration of social media platforms, assist with SEO practices and are used for the maintenance and creation of databases, among other things. CMS platforms (WordPress, Joomla Magento, Drupal) also need to be updated for security and performance Updated platforms will run smoother and faster, giving your website better SEO rankings and usability.

Websites will not cave in if you do not complete every update, but it can increase the risk of being hacked. All platforms are susceptible to a security breach by a hacker. A team of network security experts are constantly looking for vulnerabilities in the CMS platform. When they find a vulnerability it is directly sent to a team of developers to create a way to secure the vulnerability. When they develop a patch in the security a new update is released in the platform.

With this release, a hacker is able to look at the new code and decipher where their was a vulnerability in the old plugin or platform. A hacker will share with other hackers where the vulnerability lies and they will look for websites, like Mossack Fonseca, that have not been updated and hack into them.

4 Reasons why a Hacker would like to Break into your Website

  1. Black Hat SEO practices. Some hackers have automatic hacking script for SEO purposes, this puts spam links in your website to help their own page rank higher.
  2. Grab email addresses. Others hack websites to steal email address to send spam too. Again, this is usually an automated script that gets blasts out. This common hack extracts emails and automatically puts it into a mailing list database to send out spam.
  3. Steal Confidential Information. Others hack to steal information like emails and passwords. The do this to sell email addresses or use passwords that they can then try on multiple accounts and websites with the hope of getting access credit card details or a bank account, because many people use the password for multiple accounts.
  4. Another hack is to place a tracking code that informs the hacker of all the information that is occurring on a site This includes user location, (where they are browsing from) and any information that they input into the site, such as emails, passwords and credit card details.

Why this is important to you

If Google detects that your website has spam hack it may remove it from search results and add a notice that will say “this site may be hacked”. This will decrease your SEO, reduce the number of clicks to your website dramatically, and you’ll lose customer trust completely. Additionally, if someone has enrolled into your newsletter and their email and name has been stolen from your website, their rights to privacy has been breached and they have the right to pursue legal action.

How to secure your website?

It’s not wise to try to update your CMS on your own- without the right skill set and upgrade can cause the entire CMS to crash and for the site to be rebuild. You can read more about that in our blog article, “Don’t Upgrade Your CMS Alone!”

Our Advice? Contact us to learn about our monthly website monitoring package for increased security and website performance.

Share This Article
View More Blogs