Software outdated since 2003 and a security network that external experts could access easily are said to have exposed one of the most important museums in the world to a high risk of cyberattacks.
After the robbery at the Louvre Museum in Paris, which took place on October 19, an audit revealed serious flaws in the security system, which had been present for several decades. The investigation shows that the largest art museum in the world has had serious cybersecurity vulnerabilities for more than 10 years.
O had access to confidential documents detailing several critical flaws in the security system. A worrying example is the fact that the password for the video surveillance system is simply ‘Louvre’.
The report highlights that security problems are not new, but have been going on for at least a decade. In particular, it highlights that eight pieces of software responsible for critical areas of security have not been updated for several years, exposing the museum to high risks.
One of the programs, called partner, was acquired in 2003 to oversee the camera circuit and entry controls, but the maintenance contract had already expired and was never renewed.
Windows discontinued
A 2021 document revealed that the Sathi system, used to manage security at the Louvre Museum, was still running on a server with Windows Server 2003.
This system, which was discontinued by Microsoft in 2015, no longer receives security updates. That puts at risk not only the works of art but also the safety of visitors, and leaves the environment vulnerable to attacks. The combination of outdated and incompatible systems further exacerbates the fragility of the museum’s security infrastructure.
The experts who carried out the audit were able to easily access the Louvre’s security network from ordinary computers, which allowed them to compromise the video surveillance system. In another test, they managed to change permissions and break into the museum’s database.
The report concludes that these flaws could be easily exploited by external hackers, as the passwords used were exposed in a vulnerable way.
According to the National Information Systems Security Agency (ANSSI), to access a video surveillance system server it was enough to type ‘LOUVRE’, or ‘THALES’, the name of the company responsible for the software.
Robbery in broad daylight
On October 19th, four robbers took less than eight minutes to steal several pieces of jewelry valued at 88 million euros.
The thieves used a freight elevator to enter the museum, broke a window, entered the Apollo gallery where jewels from Napoleon III’s collection are on display and broke the display cases that protected the jewels with an angle grinder.
Eight jewels were stolen, including Eugénie’s tiara, adorned with around 2,000 diamonds, as well as the sapphire necklace that belonged to Marie-Amélie, the last queen of France, and Hortense de Beauharnais, mother of Napoleon III.