On September 30, 2016, after an elaborate police operation, two van Gogh paintings were recovered from the home of a Neapolitan Mafia boss. They had been stolen nearly 14 years earlier from the world-famous Van Gogh Museum in Amsterdam on December 7, 2002. The thieves weren’t too subtle about their approach: they smashed a window, probably with a sledgehammer wrapped in cloth. The expensive alarm system didn’t go off. The guards heard the commotion, but the thieves were too quick for them. They knew exactly which two paintings they wanted, so they walked straight up to them, ripped them off the walls and exited through the broken window.
This case is just one of many, and not exclusively in the world of art crime, where expensive security is foiled through the simplest of methods. Most of the time, thieves can render useless a multi-million-pound defence system simply by acting quickly.
To boards of directors and insurance companies, expensive, state-of-the-art security sounds like it should be the most effective and safest option. But such an approach raises two problems. First, there always seem to be smart people who enjoy a challenge. When I worked at a major art museum, the computer technician was driven mad by some non-malevolent hacker who kept breaking into the system. The hacker wouldn’t do much – turn off a light here, send an email there – just enough to show that the system had been breached, and would require a complete overhaul of security protocols.
Second, most high-tech security – whether for computer systems, banks, homes or museums – is alarm-based. When a perimeter is breached, an alarm – silent or sounding – is meant to notify authorities. This sounds fine in principle, but for the fact that technical devices sometimes don’t work properly, and someone must respond in a timely and effective fashion for the alarm to have served any purpose.
In 2008, two museum incidents highlighted the dangers mentioned above. First, at the blockbuster British Museum exhibit of the Chinese terracotta warriors, an activist slipped surgical masks, scrawled with political slogans, over the faces of some of the figures. Each statue had been expensively protected by software that drew an invisible barrier around each warrior – if this barrier were breached, an alarm would sound. At least, that was the idea. Not only did the alarm not go off, but tourists had to look for a guard to tell them what was happening. Second, that same year, a bunch of drunken vandals smashed open the employee entrance to the Musée d’Orsay in Paris. The alarms went off, but the intruders were able to rush in, punch a hole through a Monet and sprint out before guards could reach them.
Human response is of critical importance to high-tech security, both in terms of the natural human prankster impulse and the practical response of guards or police to an alarm sounding.
To counteract this over-reliance on technology, some ingenious security specialists have come up with low-tech, analogue defensive measures to complement the laser barriers and heat-sensor cameras. Dennis Ahern, director of security UK at Christie’s auction house and previously head of security for the Tate museums, taught a course on museum security at the ARCA postgraduate programme in art crime and cultural heritage protection. He likes to combine low- and high-tech devices in the same gallery. The analogue methods, some as mundane as affixing a sculpture to its plinth with high-tensile steel fishing line, offer an element of surprise. Hostile surveillance – casing a joint, as criminals are wont to do when considering a location for a crime – might spot CCTV cameras and motion detectors, but the last thing a thief expects is a bit of fishing line.
Bolting statues to plinths, or frames to walls, is done less than you might think (there is some concern about speed of removal of objects in the event of a fire), but lashing a valuable that you don’t want going anywhere to an immobile surface is a tried-and-true safety mechanism, at least delaying potential thieves, if not stopping them altogether. Average police response time to a 999 call in cities is ten to 15 minutes, so delaying a thief is crucial. Add a surprise element to your alarm system, and that fishing line might buy police an extra minute or two to stop the bad guys. Such analogue measures also offer a failsafe if technology fails.
Hanging side-by-side in London’s National Gallery are Portrait of a Man (Self Portrait?) and Margaret, the Artist’s Wife, a pair of pendant portraits by Jan van Eyck. There they rest, doubtless secured by various alarms and tracking devices (museums don’t like to go public with the details of their security measures). For centuries, these works were displayed together at the painter’s guild hall in Bruges. But back in the 18th century, Portrait of a Man was stolen. To make sure its neighbour didn’t go anywhere, a heavy iron chain was affixed to it. Now that the two portraits are reunited in the National Gallery, perhaps it would be fitting (and safer) to have them both chained to the wall? In addition to all that high-tech security, of course.
In October, a massive denial-of-service cyberattack on internet infrastructure company Dyn knocked huge swathes of the web offline for millions of Americans and Europeans, from Netflix to Twitter. It was the largest attack of its kind in history [2] and it was powered by an army of hacked webcams and smart devices with shoddy or non-existent security.
In short: The “internet of things” is a nightmare, a fundamental threat to the security and safety of the web.
But Google and other tech giants now have a plan to fix it.
On Tuesday, the Broadband Technical Advisory Group (BITAG) published a report on the security and privacy of the IoT, including recommendations on how to improve it. If you haven’t heard of BITAG, it’s a tech industry body formed back in 2010, which includes Google, Cisco, AT&T, T-Mobile, Comcast, Mozilla, and others. (We first saw its report on Engadget [3].)
While IoT device hijacking for use in DoS attacks is disturbing, it’s not the only way the tech is being abused. “Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices,” BITAG’s report says [4].
“In some cases, devices have been compromised and allowed unauthorized users to perform Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures, and disturb or harass authorized users or device owners.”
Problems with devices range from leaking Wi-Fi passwords to not being update-able, from having hardcoded default passwords to outdated and vulnerable firmware.
So that fancy internet-connected kettle you just bought might be spying on you, or leaking your home Wi-Fi password, or attacking computer networks thousands of miles away.
To try and solve this, BITAG has laid out a number of recommendations that it wants IoT manufacturers to abide by. Some of these are pretty basic (pointing to the scale of the problem), including shipping devices with “reasonably” current software without known vulnerabilities, and that manufacturers should follow best practices for encryption.
The group also wants to ensure that devices continue to work even without cloud or internet support, that privacy policies should be easily understandable, that there should be clear mechanisms for reporting bugs and vulnerabilities, and that devices should be resettable.
BITAG’s not a regulatory body, so it doesn’t have any power to force manufacturers to make changes. But there’s a growing chorus of voices calling for government action, and it may add extra weight to these efforts.
“I’m really divided on what I think about regulation, but if it’s needed somewhere, this might be it,” F-Secure chief research officer Mikko Hypponen said in October [5]. “We’re regulating things on appliances anyway. They should not be able to give you an electric shock, they should not catch fire, they should not leak your Wi-Fi password either. I think that would be a good thing.”
However, many of the hijacked devices used in recent attacks were made by a Chinese electronics company [6], raising the possibility that even if American manufacturers upped their game, some overseas companies looking to cut costs might not bother.
1. Kamyar Adl/Flickr (CC) (www.flickr.com)
2. the largest attack of its kind in history (www.theguardian.com)
3. We first saw its report on Engadget (www.engadget.com)
4. BITAG’s report says (www.bitag.org)
5. F-Secure chief research officer Mikko Hypponen said in October (uk.businessinsider.com)
6. were made by a Chinese electronics company (krebsonsecurity.com)
7. the status quo (krebsonsecurity.com)
A protester who caused a Donald Trump security alert has claimed the Republican’s fans kicked and choked him – for holding a SIGN.
Austyn Crites, who is a Republican, spoke out after the billionaire was bundled off stage by US Secret Service agents last night at a rally in Reno, Nevada. The alert was sparked when someone shouted “gun!” – but the 33-year-old said he was simply holding a sign that said “Republicans against Trump”.
“These people couldn’t grab the sign – they start tackling me, and then just piled on, and someone yelled something about a gun.
Secret Service agents bundled Donald Trump off stage in dramatic scenes
“I was yelling down there, ‘There is no gun! I only have a sign! I only have a sign!’
“But there were people wrenching on my neck so hard they could have strangled me to death.
“Other people were grabbing at my balls. Other people were kicking me. It was absolutely nuts.”
Mr Crites said police arrived and started “pushing people off” because “people just kept coming back for more.”
But Austyn Crites insisted he was just holding a sign peacefully
He said he had been registered Republican for about six years but Mr Trump was a “fascist”, and people like him “take good people and they turn them into animals.”
He told other journalists outside the venue: “I’m a Republican and have been supporting Republican candidates for quite some time.
“But I just don’t support Donald Trump. I’ve been fairly vocal during the primary process as well as now.
“You know I agree with them on many, many different issues but I just believe that, you know, he’s very dangerous for the country.
“And so I just came with a sign, I literally just had one sign that said ‘Republicans against Trump’.”
Police detained the protester but later confirmed they found no gun. There were scenes of chaos at the rally.
The US Secret Service detained the suspect at the rally but found no weapon. A Secret Service statement said: “Secret Service agents and Reno Police Officers immediately apprehended the subject. Upon a thorough search of the subject and the surrounding area, no weapon was found.”
Mr Crites said he had no injuries and Mr Trump returned to the stage a short while later to continue his rally speech.
He said: “No one said it was going to be easy for us, but we will never ever be stopped.”