With the world's journalists still picking over the remains of the Mossack Fonseca and Panama Papers email server breach, the question of how the data was exfiltrated remains largely unanswered.
One theory being mooted is the company's website was running un-patched Wordpress plugins, such as Revolution Slider, which the hacker used to access the company's mail server, which happened to be on the same network as the website IP.
If true this is worrying. Some attribute 25% of the world's websites as using Wordpress - with 50,000 added daily.
At the Palo Alto Ignite Conference last week the Director of the CSI TV series Anthony Zuiker regaled the audience with an anecdote from when he met a senior US official in researching for the TV show.
When Zuilker asked whether there was a message they wanted CSI to disseminate to the general public, the official asked for one thing only:-
"Get people to install security updates and patches."
Mossack Fonseca's main website currently runs an outdated version of Revolution Slider, a WordPress plugin that could grant a remote attacker a shell on the web server, said Feedjit CEO Mark Maunder, in speaking with SCMagazine.com. Maunder said his team assessed Mossack Fonseca's IP history and discovered that the firm's website IP was on the same network as its mail servers. The law firm's website was wide open until a month ago and would have been “trivially easy” to exploit, he wrote on Wordfence.com, in a security update. Wordfence is a WordPress security plugin produced by Feedjit. The update also mentioned that the law firm's web portal accessed by clients reportedly used a vulnerable version of Drupal.