How to Get the Crown Jewels Stolen

It would seem that the people responsible for the recent heist at the Louvre, which netted over $101 million in jewelry, may have used a more complicated plan than strictly necessary. According to a French publication, the famous museum has a long history of cybersecurity mistakes and faux pas… many of which, given the museum’s fame, are truly shocking.

Let’s go over what we know about the Louvre’s protections over the years, and what they suggest about the current state of things. We’ll probably learn a thing or two by doing so.

Bad Passwords and Outdated Systems

Over a decade ago, in 2014, the French National Agency for the Security of Information Systems (ANSSI) audited the famous museum’s surveillance system. Through this audit, it was discovered that the Louvre used a password that was decidedly—almost comically—weak.

That password: “LOUVRE”

That’s right: the Louvre, the most famous and prestigious art museum in the world, with a collection valued in the billions, protected a key security tool with its own name.

It gets worse. The museum was also found to be using a system put together by the cybersecurity company Thales. The password protecting this key system: “THALES.”

Plus, the Louvre’s automation network used computers running Windows 2000, an operating system that had been designated EOL in 2010… four years earlier.

Fast forward to 2017, and an audit by the National Institute for Advanced Studies in Security and Justice was completed. This audit was more in-depth than its predecessor and, in addition to the issues the 2014 audit revealed, exposed even more security vulnerabilities in both the museum’s physical and digital protections. Almost a decade later, the museum was still using an outdated operating system in 2021.

Finally, another security audit was conducted this year. These findings have not yet been revealed, but we have gotten a few context clues—namely, the fact that the person in charge of the audit stated that the museum’s systems had to be “truly modernized,” and that the museum’s management was aware of this need. In fact, there were plans to modernize security being explored since 2018—after the National Institute for Advanced Studies in Security and Justice’s audit—but were repeatedly pushed back due to the COVID pandemic and the Paris Olympics, scheduled to start next year and finish all the way in 2032. 

Of the estimated $95 million these upgrades would cost, only $3.5 million had actually been invested as of 2024. Amongst these investments was an overhaul of the former palace’s camera system, in which 134 new digital cameras were added. Additional improvements were reportedly planned, but the theft happened before they were implemented.

It Just Goes to Show: the Basics Matter for Everyone

While the multimillion-dollar theft took a different approach, it just goes to show that anyone can have serious cybersecurity issues. Here’s the thing… you and other business owners who operate in Upstate New York don’t have to accept this.

Directive is here to help you improve your cybersecurity and assist you with your business’ general use of technology. We’ll work with you to identify your needs and implement the tools needed to boost your operations and the security that protects them. Learn more by reaching out at 607-433-2200.