Outdated Software Opened the Door to Confidential Data
Doubtless you have read in the news of the Panama Papers leak – the significant leak of 11.5 million documents purportedly showing the financial strategies of politicians, financiers, athletes, the elite around the world. You might think of off-shore accounts and income tax evasion, or you might not. Apparently this is the world’s largest data breach ever. And we can’t help but appreciate the most convenient reference tag ever: the Panama Papers. No more “gates.” Just Panama Hats. And men making deals. Secretly.
We call this to your attention because according to findings from Forbes and WP Tavern the documents may have been leaked because the managing Panamanian law firm was using outdated software versions. Obsolete or outdated software has a very high vulnerability level which could easily have contributed to the ability of hackers to access the high-class financial information.
The news has been filled with persons denying wrongdoing, yet resigning posts. While feverish work to cover tracks from the massive leak is afoot, such a release of information to the world has had the effect of shining light on the money moves of the wealthy and powerful. And of loudly declaring, “Don’t let outdated software ruin you!” Better to keep your software up to date.
One report indicated a three-month old version of website software, while another found evidence that the software used was released in December 2014 – 15 months old. Even technical novices know that in terms of outdated software a gap of 15 months is not acceptable. There are updated design features and many critical security updates issued along the way during a 15 month period.
Combine that with a three-year old client portal program (Drupal), so notorious for its vulnerability that fully 25 security patches were issued during the three year period of inactivity at the law firm. Anything else? Oh yes. Seems they were using a 2009 version of Microsoft Outlook Web Access. Which was unencrypted. Now add to all this outdated software the eagerness of the cyber-criminal to find easy access and you have a stirring story of lots of data on the lose.
Lesson: While one lesson might be – “If you have money tucked away it will be found.” For the tech, the lesson is different. If you have information that would embarrass yourself or your clients should it be published to the world, the simplest step to keep that data safe is to keep your software updated.
Sort of an initial, no-brainer step. There are other steps to protect your data. Off-site backups. Firewall protection. Virus and Malware protection. But keeping your software up to date is certainly something that must not be overlooked. The obvious penalty for failing to have the most recent version is data loss or data exposure or both. Every email. All internal comments. Documents. Images. Drafts. Calendar notes. Everything exposed for the whole wide world (WWW) to inspect and analyze.
And outdated software as the cause.
I think this is the point where those in charge in Panama would bang their heads against the wall and cry out, “If only I’d done a simple update or two…” We feel your pain. Panamanian pain. By the way, we have records that tell us how up to date your system is. Curious? Call! 626-461-1300.