- Parents at the school said they repeatedly requested increased security
- The breach could have admitted terrorists or paedophiles, a mother said
- ‘Paying 20,000 a year to send a child there, you expect better,’ a parent said
A school that Royals attend on the grounds of Windsor Castle suffered a security breach yesterday when an intruder gained access while pretending to be a parent. An unknown woman was seen with pupils at St George’s School during an open morning at the exclusive 7,000-a-term establishment. After the incident, parents said that they had repeatedly requested increased security at the school but their pleas were seemingly ignored.
An unknown woman was seen with pupils at St George’s School during an open morning at the exclusive 7,000-a-term establishment that is attended by Royals
‘It’s shocking she could get in so easily it could have been a kidnapper, terrorist, paedophile or anything . Lessons will have to be learned . Parents will not let this lie.’
‘It’s shocking she could get in so easily it could have been a kidnapper, terrorist, paedophile or anything . Lessons will have to be learned . Parents will not let this lie’ a parent said
Guilty plea: Anthony Brailsford, 69, admitted repeatedly rubbing a young boy s buttocks Another parent said: ‘This highlights an alarming lack of security . Paying 20,000 a year to send a child there, you expect better.’
Headmaster Chris McDade confirmed to The Sun that the intruder was escorted out by staff and police were investigating the incident. Princess Eugenie is a past pupil of the school and Prince Edward’s son and daughter currently attend there. Other pupils include the choristers of St George s chapel – a place of royal worship situated behind the school in the grounds of Windsor Castle.
The unisex day and boarding school takes pupils aged three years to 13 years. This is the second recent controversy to hit the school after a former headmaster admitted sexually assaulting boys in his Latin classes and watching others shower naked in the 1990’s. Anthony Brailsford, 69, who was acting headmaster of the school in Windsor Castle, Berkshire, admitted last year to repeatedly rubbing a young boy s buttocks.
He received a six-month suspended prison sentence in January at Reading Crown Court for the historic abuse.
‘; $(node).before(taboola_node); window._taboola = window._taboola || ; _taboola.push( mode: ‘thumbnails-b’, container: id, placement: “Stream Thumbnails ” + n); }; DM.has(‘infinite-list’, ‘InfiniteList’, url: ‘/api/infinite-list.html?channelShortName=news&pageSize=10’, total: 12.0, from: 0, onAfterAppend: function (container) var items = $(container).children(‘div’); if(!taboola_every_n) return; items.each(function () if (taboola_counter == 0) addTaboola(this); taboola_counter = taboola_every_n – 1; else taboola_counter–; }); } }); });
In September 30, 2016, after an elaborate police operation, two van Gogh paintings were recovered from the home of a Neapolitan Mafia boss . They had been stolen nearly 14 years earlier from the world-famous Van Gogh Museum in Amsterdam on December 7, 2002 . The thieves weren’t too subtle about their approach: they smashed a window, probably with a sledgehammer wrapped in cloth . The expensive alarm system didn’t go off . The guards heard the commotion, but the thieves were too quick for them . They knew exactly which two paintings they wanted, so they walked straight up to them, ripped them off the walls and exited through the broken window. This case is just one of many, and not exclusively in the world of art crime, where expensive security is foiled through the simplest of methods . Most of the time, thieves can render useless a multi-million-pound defence system simply by acting quickly. To boards of directors and insurance companies, expensive, state-of-the-art security2 sounds like it should be the most effective and safest option .
But such an approach raises two problems . First, there always seem to be smart people who enjoy a challenge . When I worked at a major art museum, the computer technician was driven mad by some non-malevolent hacker3 who kept breaking into the system . The hacker wouldn’t do much – turn off a light here, send an email there4 – just enough to show that the system had been breached, and would require a complete overhaul of security protocols. Second, most high-tech security5 – whether for computer systems, banks, homes or museums – is alarm-based . When a perimeter is breached, an alarm – silent or sounding – is meant to notify authorities . This sounds fine in principle, but for the fact that technical devices sometimes don’t work properly, and someone must respond in a timely and effective fashion for the alarm to have served any purpose. In 2008, two museum incidents highlighted the dangers mentioned above . First, at the blockbuster British Museum exhibit of the Chinese terracotta warriors, an activist slipped surgical masks, scrawled with political slogans, over the faces of some of the figures .
Each statue had been expensively protected by a software that drew an invisible barrier around each warrior – if this barrier were breached, an alarm would sound . At least, that was the idea . Not only did the alarm not go off, but tourists had to look for a guard to tell them what was happening . Second, that same year, a bunch of drunken vandals smashed open the employee entrance to the Mus e d’Orsay in Paris . The alarms went off, but the intruders were able to rush in, punch a hole through a Monet and sprint out before guards could reach them. Human response is of critical importance to high-tech security, both in terms of the natural human prankster impulse and the practical response of guards or police to an alarm sounding. To counteract this over-reliance on technology, some ingenious security specialists have come up with low-tech, analogue defensive measures to compliment the laser barriers and heat-sensor cameras . Dennis Ahern, director of security UK at Christie’s auction house and previously head of security for the Tate museums, taught a course on museum security at the ARCA postgraduate programme in art crime and cultural heritage protection . He likes to combine low- and high-tech devices in the same gallery .
The analogue methods, some as mundane as affixing a sculpture to its plinth with high-tensile steel fishing line, offer an element of surprise . Hostile surveillance – casing a joint, as criminals are wont to do when considering a location for a crime – might spot CCTV cameras and motion detectors, but the last thing a thief expects is a bit of fishing line.
Bolting statues to plinths, or frames to walls, is done less than you might think (there is some concern about speed of removal of objects in the event of a fire), but lashing a valuable that you don’t want going anywhere to an immobile surface is a tried-and-true safety mechanism, at least delaying potential thieves, if not stopping them altogether . Average police response time to a 999 call in cities is ten to 15 minutes, so delaying a thief is crucial . Add a surprise element to your alarm system, and that fishing line might buy police an extra minute or two to stop the bad guys . They also offer a failsafe if technology fails. Hanging side-by-side in London’s National Gallery are Portrait of a Man (Self Portrait?) and Margaret, the Artist’s Wife, a pair of pendant portraits by Jan van Eyck . There they rest, doubtless secured by various alarms and tracking devices (museums don’t like to go public with the details of their security measures) . For centuries, these works were displayed together at the painter’s guild hall in Bruges . But back in the 18th century, Portrait of a Man was stolen .
To make sure its neighbour didn’t go anywhere, a heavy iron chain was affixed to it . Now that the two portraits are reunited in the National Gallery, perhaps it would be fitting (and safer) to have them both chained to the wall ? In addition to all that high-tech security, of course.
In October, a massive denial-of-service cyberattack on internet infrastructure Dyn knocked huge swathes of the web offline for millions of Americans and Europeans, from Netflix to Twitter . It was the largest attack of its kind in history2 and it was powered by an army of hacked webcams and smart devices with shoddy or non-existent security.
In short: The “internet of things” is a nightmare a fundamental threat to the security and safety of the web.
But Google and other tech giants now have a plan to fix it.
On Tuesday, the Broadband Technical Advisory Group (BITAG) published a report on the security and privacy of the IoT, including recommendations on how to improve it . If you haven’t heard of BITAG, its a tech industry body formed back in 2010, which includes Google, Cisco, AT&T, T-Mobile, Comcast, Mozilla, and others. (We first saw its report on Engadget3.)
While IoT device hijacking for use in DoS attacks is disturbing, it’s not the only way the tech is being abused.”Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices,” BITAG’s report says4.
“In some cases, devices have been compromised and allowed unauthorized users to perform Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures, and disturb or harass authorized users or device owners.”
Problems with devices range from leaking Wi-Fi passwords to not being update-able, from having hardcoded default passwords to outdated and vulnerable firmware.
So that fancy internet-connected kettle you just bought might be spying on you, or leaking your home Wi-Fi password, or attacking computer networks thousands of miles away .
To try and solve this, BITAG has laid out a number of recommendations that it wants IoT manufacturers to abide by . Some of these are pretty basic (pointing to the scale of the problem), including shipping devices with “reasonably” current software without known vulnerabilities, and that manufacturers should follow best practices for encryption.
The group also wants to ensure that devices continue to work even without cloud or internet support, that privacy policies should be easily understandable, that there should be clear mechanisms for reporting bugs and vulnerabilities, and that devices should be resettable. (You can read BITAG’s full report below.)
BITAG’s not a regulatory body, so it doesn’t have any power to force manufacturers to make changes . But there’s a growing chorus of voices calling for government action, and it may add extra weight to these efforts.
“I’m really divided on what I think about regulation, but if it’s needed somewhere, this might be it,” F-Secure chief research officer Mikko Hypponen said in October5. “We’re regulating things on appliances anyway . They should not be able to give you an electric shock, they should not catch fire, they should not leak your Wi-Fi password either I think that would be a good thing.”
However, many of the hijacked devices used in recent attacks were made by a Chinese electronics company6 raising the possibility that even if American manufacturers upped their game, some overseas companies looking to cut costs might not bother.
- ^ Kamyar Adl/Flickr (CC) (www.flickr.com)
- ^ the largest attack of its kind in history (www.theguardian.com)
- ^ We first saw its report on Engadget (www.engadget.com)
- ^ BITAG’s report says (www.bitag.org)
- ^ F-Secure chief research officer Mikko Hypponen said in October (uk.businessinsider.com)
- ^ were made by a Chinese electronics company (krebsonsecurity.com)
- ^ the status quo (krebsonsecurity.com)