Tag Archives: weak password

Culture

Cybersecurity Expert On Recent Louvre Burglary Reveals Poor Password Choice

Leave a comment

On Sunday, October 19, a burglary took place at the Louvre — one of the best known museums in the world. In broad daylight, minutes after the museum opened, thieves broke into the Apollo Gallery and stole the French Crown Jewels, valued at around 88 million EUR/ $142.5 million CAD. 

While criminals entered the famous museum through a window, the robbery exposed a whole host of security problems at the Louvre, including issues with digital security. For example, French media claim that according to the documents they’ve seen, the server managing the museum’s video surveillance was once protected by a weak password “LOUVRE.”

Media in France cite audit documents which show that the Louvre neglected security issues for years, including holes in physical security, outdated software, shoddy maintenance, and poor password and cybersecurity management.

Karolis Arbačiauskas, Head of Product at the cybersecurity company NordPass, comments:

“Publicly available information increasingly suggests that the museum’s IT security system — which manages access control, alarms, and video surveillance — suffers from numerous vulnerabilities. According to a 2014 audit by the French National Cybersecurity Agency (ANSSI), the museum’s system also relied on insecure passwords. For example, the server managing the museum’s video surveillance was protected by the password ‘LOUVRE.'”

“This is horrible. Such a password breaks all the principles of creating secure passwords. On the other hand, it’s not that shocking. Truth to be told, our own research shows that cybersecurity in the public sector is not the best. Tens of thousands of public sector employee passwords are already on the dark web.” 

“But we need to be careful and refrain from pointing fingers until the investigation is completed. The audit data cited by the media is quite old, and we don’t know if the Louvre took ANSSI recommendations into account. Crucially, poor passwords were not the point of entry for the criminals; they gained access through a window, indicating a broader, comprehensive security failure.”

“Personally, I would like to see a positive side to this horrible story. This theft has become the ultimate penetration test for the Louvre, so I hope it will serve as a stimulus to review and upgrade all of the museum’s security systems and policies, including passwords and outdated software. Otherwise, this robbery may embolden criminals and potentially lead to more crimes in the future”

“Proper password should be at least 20 characters long and consist of a random combination of numbers, upper and lower case letters, and special symbols. Passwords on routers and security systems, including those that manage security cameras, must be extremely strong and perhaps go beyond what is considered a strong password, as these systems can literally and figuratively open almost any door. It is also paramount to never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets taken over, hackers can use the same credentials for other accounts.”

For the Silo, Gintautas Degutis/ Nordsec.