On a recent Wednesday evening, a university professor in a large town in western Germany was preparing several paintings to be sold through the British auction house Christie’s. Using his iPhone, he took pictures of the inherited works at his home to upload to the company’s website. Within a few weeks, the site promised, Christie’s would give him an estimate of their value and tell him if it was interested in auctioning them.
Art
Security flaw at Christie’s exposed location data of artwork owners sought to sell
But by uploading the images, he not only sent pictures of the pieces to Christie’s, he also revealed their exact location for anyone to see online, according to two German cybersecurity researchers. Hundreds of other would-be Christie’s clients, including Americans, were exposed to the same vulnerability, the two researchers, Martin Tschirsich and André Zilch, told The Washington Post.
The findings show how cybersecurity vulnerabilities aren’t just an issue for big tech companies, but for almost everyone as more and more business is transacted over the internet. As was the case with the professor, photos uploaded to Christie’s oftentimes include GPS coordinates for where they were taken; those coordinates are so precise that they reveal not just a street address but can even identify within a few feet exactly where inside a building a photo was taken. “Around 10 percent of the uploaded images contain exact GPS coordinates,” the researchers said.
At the end of July, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned generally about the kind of vulnerability the German researchers found. “[These vulnerabilities] have resulted in the compromise of personal, financial, and health information of millions of users and consumers,” CISA said in a joint statement with the National Security Agency and the Australian Cyber Security Center, without referring explicitly to any developments at the auction house.
Christie’s, which says it’s committed to treating personal data with the utmost care and security but has also been criticized for offering anonymity to clients, declined to answer questions about or confirm the researchers’ findings. “We continuously assess our security safeguards, thoroughly address issues relating to the security of our clients’ information, and comply with our legal and regulatory obligations,” the auction house said in a statement.
But the company seems to have taken steps to resolve the issue, according to the researchers, though only after being contacted about it by The Post. “It was only Tuesday when Christie’s appears to have implemented technical measures to close the vulnerability,” Tschirsich said. He said the researchers had informed Christie’s about the problem more than two months ago.
It is unclear if Christie’s has informed any of its clients about the security lapse. The German professor, who spoke on the condition of anonymity because he did not want to discuss a breach of his personal data that may have been easily accessible to everyone online, said Christie’s had not contacted him. He said he learned his artwork’s location had been made public from The Post. “Especially with a renowned house like Christie’s, I would not have expected that,” he said.
Tschirsich and Zilch say they had alerted Christie’s to what they called a “serious vulnerability” by the time the professor had uploaded his images. Messages viewed by The Post show they first told Christie’s of the vulnerability in June. An offer by the researchers to help resolve the difficulty was rejected by a Christie’s executive, according to records the researchers shared with The Post. “Thank you, but we do not require any advice or assistance,” the executive said, after confirming that the researchers’ findings had been forwarded to an internal security team.
“As cybersecurity researchers we were very surprised by this reaction,” Zilch said.
Some tech companies routinely pay a fee to researchers who reveal a vulnerability that on the black market could be worth an even higher prize. Larger companies also have what are called bug bounty programs to incentivize cybersecurity researchers to report flaws that can lead to breaches. However, Christie’s does not appear to advertise such a program.
Tschirsich and Zilch say they were not looking for a bounty or a job from Christie’s, but just wanted the company to fix a vulnerability that put users at risk. Both for years have probed systems for vulnerabilities with the goal of reporting them to companies and organizations, often free of charge. In the past, the two have identified vulnerabilities putting the health data of patients in Germany at risk. Tschirsich, together with other researchers, also uncovered problems in German election software that could have disrupted the counting of votes. Both problems were investigated for free and fixed after the researchers warned the affected organizations about them.
The German researchers took a look at Christie’s after an acquaintance asked them about how secure Christie’s service was. “Unfortunately, it only took us a few minutes to come across this serious vulnerability,” Tschirsich told The Post. “The vulnerability is so simple that it can be exploited by anyone with a browser within a few minutes.”
Tschirsich said Christie’s lack of a quick response surprised him. “It actually takes only a few hours to temporarily close the vulnerability and two days to completely fix the problem,” Zilch said.
Continue Reading
Art
Calvin Lucyshyn: Vancouver Island Art Dealer Faces Fraud Charges After Police Seize Millions in Artwork
In a case that has sent shockwaves through the Vancouver Island art community, a local art dealer has been charged with one count of fraud over $5,000. Calvin Lucyshyn, the former operator of the now-closed Winchester Galleries in Oak Bay, faces the charge after police seized hundreds of artworks, valued in the tens of millions of dollars, from various storage sites in the Greater Victoria area.
Alleged Fraud Scheme
Police allege that Lucyshyn had been taking valuable art from members of the public under the guise of appraising or consigning the pieces for sale, only to cut off all communication with the owners. This investigation began in April 2022, when police received a complaint from an individual who had provided four paintings to Lucyshyn, including three works by renowned British Columbia artist Emily Carr, and had not received any updates on their sale.
Further investigation by the Saanich Police Department revealed that this was not an isolated incident. Detectives found other alleged victims who had similar experiences with Winchester Galleries, leading police to execute search warrants at three separate storage locations across Greater Victoria.
Massive Seizure of Artworks
In what has become one of the largest art fraud investigations in recent Canadian history, authorities seized approximately 1,100 pieces of art, including more than 600 pieces from a storage site in Saanich, over 300 in Langford, and more than 100 in Oak Bay. Some of the more valuable pieces, according to police, were estimated to be worth $85,000 each.
Lucyshyn was arrested on April 21, 2022, but was later released from custody. In May 2024, a fraud charge was formally laid against him.
Artwork Returned, but Some Remain Unclaimed
In a statement released on Monday, the Saanich Police Department confirmed that 1,050 of the seized artworks have been returned to their rightful owners. However, several pieces remain unclaimed, and police continue their efforts to track down the owners of these works.
Court Proceedings Ongoing
The criminal charge against Lucyshyn has not yet been tested in court, and he has publicly stated his intention to defend himself against any pending allegations. His next court appearance is scheduled for September 10, 2024.
Impact on the Local Art Community
The news of Lucyshyn’s alleged fraud has deeply affected Vancouver Island’s art community, particularly collectors, galleries, and artists who may have been impacted by the gallery’s operations. With high-value pieces from artists like Emily Carr involved, the case underscores the vulnerabilities that can exist in art transactions.
For many art collectors, the investigation has raised concerns about the potential for fraud in the art world, particularly when it comes to dealing with private galleries and dealers. The seizure of such a vast collection of artworks has also led to questions about the management and oversight of valuable art pieces, as well as the importance of transparency and trust in the industry.
As the case continues to unfold in court, it will likely serve as a cautionary tale for collectors and galleries alike, highlighting the need for due diligence in the sale and appraisal of high-value artworks.
While much of the seized artwork has been returned, the full scale of the alleged fraud is still being unraveled. Lucyshyn’s upcoming court appearances will be closely watched, not only by the legal community but also by the wider art world, as it navigates the fallout from one of Canada’s most significant art fraud cases in recent memory.
Art collectors and individuals who believe they may have been affected by this case are encouraged to contact the Saanich Police Department to inquire about any unclaimed pieces. Additionally, the case serves as a reminder for anyone involved in high-value art transactions to work with reputable dealers and to keep thorough documentation of all transactions.
As with any investment, whether in art or other ventures, it is crucial to be cautious and informed. Art fraud can devastate personal collections and finances, but by taking steps to verify authenticity, provenance, and the reputation of dealers, collectors can help safeguard their valuable pieces.
[unable to retrieve full-text content]
Ukrainian sells art in Essex while stuck in a warzone BBC.com
Source link
The Courtauld Gallery at Somerset House has reopened its doors to the public after a fire swept through the historic building in central London. While the gallery has resumed operations, the rest of the iconic site remains closed “until further notice.”
On Saturday, approximately 125 firefighters were called to the scene to battle the blaze, which sent smoke billowing across the city. Fortunately, the fire occurred in a part of the building not housing valuable artworks, and no injuries were reported. Authorities are still investigating the cause of the fire.
Despite the disruption, art lovers queued outside the gallery before it reopened at 10:00 BST on Sunday. One visitor expressed his relief, saying, “I was sad to see the fire, but I’m relieved the art is safe.”
The Clark family, visiting London from Washington state, USA, had a unique perspective on the incident. While sightseeing on the London Eye, they watched as firefighters tackled the flames. Paul Clark, accompanied by his wife Jiorgia and their four children, shared their concern for the safety of the artwork inside Somerset House. “It was sad to see,” Mr. Clark told the BBC. As a fan of Vincent Van Gogh, he was particularly relieved to learn that the painter’s famous Self-Portrait with Bandaged Ear had not been affected by the fire.
Blaze in the West Wing
The fire broke out around midday on Saturday in the west wing of Somerset House, a section of the building primarily used for offices and storage. Jonathan Reekie, director of Somerset House Trust, assured the public that “no valuable artefacts or artworks” were located in that part of the building. By Sunday, fire engines were still stationed outside as investigations into the fire’s origin continued.
About Somerset House
Located on the Strand in central London, Somerset House is a prominent arts venue with a rich history dating back to the Georgian era. Built on the site of a former Tudor palace, the complex is known for its iconic courtyard and is home to the Courtauld Gallery. The gallery houses a prestigious collection from the Samuel Courtauld Trust, showcasing masterpieces from the Middle Ages to the 20th century. Among the notable works are pieces by impressionist legends such as Edouard Manet, Claude Monet, Paul Cézanne, and Vincent Van Gogh.
Somerset House regularly hosts cultural exhibitions and public events, including its popular winter ice skating sessions in the courtyard. However, for now, the venue remains partially closed as authorities ensure the safety of the site following the fire.
Art lovers and the Somerset House community can take solace in knowing that the invaluable collection remains unharmed, and the Courtauld Gallery continues to welcome visitors, offering a reprieve amid the disruption.
News6 hours ago
Langford, Heim lead Rangers to wild 13-8 win over Blue Jays
Sports7 hours ago
Edler to sign one-day contract to retire as a Vancouver Canuck
News7 hours ago
Billie Jean King set to earn another honor with the Congressional Gold Medal
Media1 year ago
12 Bizarre Things People Did Just To Make Social Media Content
Sports5 years ago
AP source: Bears acquiring quarterback Nick Foles from Jaguars – Sportsnet.ca
Investment5 years ago
dynaCERT Inc. Invites You to Join Us at the Vancouver Resource Investment Conference | INN – Investing News Network
-
News19 hours agoMK-ULTRA: Ottawa, health centre seek to dismiss Montreal brainwashing lawsuit
-
Health19 hours agoHealth Canada approves updated Moderna COVID-19 vaccine
-
Sports18 hours agoFledgling Northern Super League adds four to front office ahead of April kickoff
-
News18 hours agoRCMP warn of armed robbery suspects west of Edmonton
-
Politics19 hours agoNDP beat Conservatives in federal byelection in Winnipeg
-
News19 hours agoOttawa threatens to pull funds for Chignecto Isthmus if N.B., N.S. don’t partner
-
News19 hours agoCanadanewsmedia news September 17, 2024: Bloc wins Montreal Liberal stronghold
-
Economy18 hours agoEnergy stocks help lift S&P/TSX composite, U.S. stock markets also up
