The Louvre robbery uncovers serious technological flaws: vulnerable software and passwords

The French newspaper Liberátion publishes an investigation in which, in addition to revealing that the museum's password was the name of the entity, shows critical security flaws at the Louvre such as the use of Windows Server 2003, software that lacks security updates since 2015, in addition to specialized programs, also obsolete.

The Windows Server operating system 2003 It is considered an enterprise version of Windows XP., since it shares many internal and external operating characteristics. While Windows Server 2003 stopped receiving official support from Microsoft in 2015, the domestic version did the same in 2014, one year before.

In this sense, Sergio Garcia, manager of i3e, a specialist in technological solutions that has 25 years of experience in the IT sector, explica que “along with having the name of the museum as a password, The entity lacked security infrastructure, something that, very surely, has been one of the most critical points that have led to the theft of incalculable value of Napoleonic pieces”.

An investigation published by the French media Libération reveals that, in addition to the Windows Server operating system, the Parisian museum had outdated programs to its credit: eight computer programs dedicated to facility surveillance, entre ellos, Thales, who did not receive any type of support.

The investigation published by Libération reveals that the entity used software purchased in 2003. Nevertheless, The companies consulted by the French-speaking media explain that “there was no maintenance contract for these programs, and the museum did not contact the developers at any time to update the services”.

Additionally, a public bidding document 2019 states that one of the programs used for critical surveillance of the museum, Thales, I also did not receive support from Sathi, the parent company. Even more, that this same program was running on a machine running the Windows Server operating system 2003, a modified version of Windows XP.

Accumulation of obsolescence

Experts warn that, in these cases, despite the fact that the machine continued to operate in strict terms, “It really didn't serve its purpose anymore.”, explains Garcia.

“The objective of using programs for surveillance lies in the fact that the 'vigilante' himself’ be aware of what is happening. In the case of the museum, It wasn't just the password that was in danger. Era, also, the use of outdated software on old operating systems that ran on early machines”, says the i3e manager.

Given this fact, the i3e company reminds us of the risks involved in having a “accumulation of technological obsolescence”.
“Not only has one piece failed. The entire security suite has failed. For this reason, It is important to keep all equipment up to date through solid maintenance contracts and to have personnel who, constantly, be aware of security holes, vulnerabilities and elements that have to be changed or modified”, García concludes.