The looming mystery behind the Panama Papers: How did the largest document leak in history even happen?

After similar coups by WikiLeaks and others, we had an idea of who pulled the trigger, and why. Not this time

Published April 7, 2016 5:18PM (EDT)

"Hello. This is John Doe. Interested in data?" That line -- apparently written in English and using an American cultural reference -- is much of what we know about the source, possibly a hacker, behind the Panama Papers, a massive trove of documents on which four hundred journalists have been collaborating for up to a year, detailing how a Panamanian law firm called Mossack Fonseca has helped some of the world's most powerful people set up shell companies capable of concealing vast amounts of wealth. The source reached out to Bastian Obermayer, a reporter for Germany's Sueddeutsche Zeitung newspaper, over a year ago, explaining, "I want to make these crimes public."

Beyond that, the International Consortium of Investigative Journalists (ICIJ), the group with which Sueddeutsche Zeitung shared the documents in order to expand the investigation, has explained only that, "The source wanted neither financial compensation nor anything else in return, apart from a few security measures."

Indeed, Obermayer has claimed, in an interview with Wired, that he doesn’t know who the source actually is. “I don’t know the name of the person or the identity of the person,” though he says he has had extensive conversations with the person.

So four hundred journalists are writing -- and have been reporting on, many of them, for a good part of a year -- about documents that they can't explain the provenance of.

Contrast that with what we know about several of the previous big leaks. Before the bulk of the documents Chelsea Manning leaked to WikiLeaks were published, she had reached out to several people, including hacker Adrian Lamo. In chats that Wired published in June 2010 (again, before the bulk of the documents were leaked), Manning told Lamo that she was "an army intelligence analyst, deployed to eastern [B]aghdad, pending discharge for 'adjustment disorder'." (The full chats, published in 2011, would make it clearer she was talking about being transgender.) She admitted sending files to Assange, and hoped they would elicit "worldwide discussion, debates, and reform."

Likewise, within days of the first Edward Snowden leak, he appeared on a video admitting he was the source. "My sole motive is to inform the public as to that which is done in their name and that which is done against them," he explained. That video and an accompanying story reviewed a great deal of his biography, providing some details on how he could have access to the NSA's crown jewels. Those details have led to an incessant debate about whether Snowden accurately described his motives -- or whether he had outside help from a foreign intelligence service like Russia. While that debate often deviates pretty wildly from known facts, at least some details are out there to debate.

Likewise, Hervé Falciani was already a publicly known fugitive, sharing data with authorities for years before the public got its first glimpse at the records of HSBC clients hiding their money, which he took when he worked as a computer engineer for the bank. As with Snowden, various commentators have described Falciani alternately as a crook and a whistleblower, but they've done so based on a knowledge of his stated motives and actions.

Even for mega-leaks sourced to external hacks -- like the Ashley Madison and Sony hacks -- the presumed identity of the hacker is known. In the former case, a group calling itself the Impact Team threatened Ashley Madison in an apparent (and unsuccessful) attempt to get it to pull down two sites for which AM had falsely promised to delete accounts upon request and payment. The ostensible purpose of the hack was to destroy the company for making false promises about secrecy. In Sony's case, U.S. government officials have claimed hackers working for North Korea, calling themselves the Guardians of Peace, infiltrated and then brought down the Sony Pictures website in retaliation for the unflattering picture of North Korea's Supreme Leader, Kim Jong-un, in Sony's movie, "The Interview."

That's in no way to say that Panama Papers should expose their source. As the incarceration or exile of these other leakers make clear, there's good reason to avoid revealing anything that might expose the source. But it does mean there are key questions about this leak we can't answer.

Readers of Panama Papers have just that one opening line -- "I want to make these crimes public" -- to explain the source's motive, although as Sueddeutsche Zeitung and other outlets reporting on the story are required to explain, some uses for offshore accounts are perfectly legal; and, as many outlets have noted, Mossack Fonseca is just one cog in a giant industry supporting tax havens, key parts of which are in the United States.

Mossack Fonseca would like readers to believe this came from an email hack. The company informed its customers (in a message posted to WikiLeaks suggesting not all of them had been compromised) that its email server had been compromised. "We rule out an inside job. This is not a leak. This is a hack," one of the founders of the firm, Ramon Fonseca, told Reuters. "We have a theory and we are following it." The firm also reported a crime to authorities.

However, there are good reasons to doubt that this was just an email server hack. While Mossack Fonseca's emails appear not to have been encrypted, there is far more to the leak than emails. It includes scanned passports and some database excerpts, suggesting that, however the files were obtained, it went beyond what got sent via email. Moreover, multiple outlets have identified outdated code and other configuration problems in Mossack Fonseca's public website. So it seems probable that the firm's trove of customer data has been exposed far more than MF wants to admit.

Which then raises the question: Do security vulnerabilities on Mossack Fonseca's systems explain why it, and not another of the even bigger law firms serving tax haven customers, got exposed in this hack? Or is there another explanation? Did the hacker -- if that is where these documents came from -- single out Mossack Fonseca because it had already been exposed as a firm serving dubious clients, or did the source just target an easy mark, given MF's security problems?

To be sure, none of these questions diminish the importance of the Panama Papers project, which has already led to the resignation of some key figures exposed by the stories. Even if there were less noble motives behind this leak, there would still be tremendous value in exposing the problems and pervasiveness of tax havens. But these questions should be part of the discussion about what we're seeing.

We've been given a giant snapshot of one really important part of a really damaging part of global finance. The snapshot is important and the reporting on it is crucial. But we might want to ask, why are we getting this particular snapshot?

By Marcy Wheeler

Marcy Wheeler writes at and is the author of "Anatomy of Deceit."

MORE FROM Marcy Wheeler

Related Topics ------------------------------------------

Chelsea Manning Corruption Global Inequality Sony Hack The Panama Papers Wikileaks