Last month, an entire security system of the Louvre came under fire when jewels worth more than $102 million were stolen in a brazen heist. This meant that the security perimeter of the museum was one major flaw; the burglars broke into the building and entered the inside using the windows.
The brazen daylight theft of a fortune’s worth of crown jewels from the Louvre Museum practically exposed a flaw in security so ludicrously simple it seems a parody. Documents from an internal investigation after the heist reveal that the password to the museum’s video surveillance system was, believe it or not, its own name: “LOUVRE.”
This pathetically simple password thus afforded a quite ludicrously easy entry to the digital defense system designing to protect truly priceless works of art. This revelation turns an audacious crime into a national embarrassment, putting a glaring spotlight on the ever-ignored bankruptcy of even basic digital defense at one of the world’s most treasured cultural institutions.
While the full extent of the password’s involvement in the recent heist is still being investigated, its very existence stands as a reflection of the negligence that critics have been warning about for years. It is a witness to the fact that the security of the French national treasures was barely better than leaving the keys under the doormat.
Historical Insecurity And Neglect
The existence of the password “LOUVRE” was not so much an oversight as a chronic security compromise. As far back as 2014, a wide-ranging investigation by the French National Cybersecurity Agency (ANSSI) had already pinpointed the museum’s network as being penetrated by the use of “trivial” passwords, and a system poorly maintained with epoch-old security patches.
The classified report underscored that “LOUVRE” allowed access to a server that managed video surveillance. Another one, for different software, was reportedly the name of the developer of the software: “THALES.”
These egregious weaknesses were not new; they had been repeatedly brought to attention, documented, and just as crucially, left unattended for nearly a decade, thereby pointing towards an under-appreciation of cyber risk running deep through the very hierarchy of the museum.
Outdated Defenses And Obsolete Tech
Apart from easily guessable passwords, the investigation also brought to light the fact that the Louvre operated very important security software that was terribly out of date.
The documents indicate that most of the surveillance and access control programs were before the early year 2000, and most of them were no longer scrolling along with their respective developers. Some systems also still operated using retired operating systems such as Windows 2000 and XP, complete with lacking the current security patches and anti-virus protections.
Add this outdated technology to the ridiculously weak passwords, and you have a disastrous security posture. It is difficult to say whether the thieves exploited the password directly or by bypassing any of the systems weakened by age, but overall, the shambolic defense structure turned the world’s most-visited museum into an easy target for a smash-and-grab that should have been impossible.
Also Read: Amazon Down: Thousands Of Users Report Checkout Issues, Here’s What We Know
A recent media graduate, Bhumi Vashisht is currently making a significant contribution as a committed content writer. She brings new ideas to the media sector and is an expert at creating strategic content and captivating tales, having working in the field from past four months.
