(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Art Theft’ Category

Art Forgeries Sold In The Darknet

leave a comment »

Stolen Forgeries:

Surfing the Darknet, as one does, I came across a new site that finally settled a prediction I made a few years ago. The site, “Fisher Shop” claims to be selling forged artworks as well as gold and diamonds. Now, I don’t really care about the diamonds and the gold bullion, but the art is the thing that enthuses me. I think I even once posted a blog about how I thought the Darknet could be used in art forgery, theft, and other machinations to sell stolen or forged artworks. This day has come to pass and I thought I would share it with you all.

The site itself is kinda poorly put together, or renders poorly on my browser for some reason and thus the text is all messed up pagination wise and makes it harder to read. Security wise the site is secure enough, an onion scan produced no vulnerabilities or leaks of data save for the email addresses that they are providing for contact. Both of the emails are easily obtainable sites like protonmail and sigaint so there isn’t much there unless you start talking to them and they slip up somehow OPSEC wise so at least this seems somewhat professional at the least.

The artwork though is what interests me most of all but I also will be taking a look below at the bitcoin acct they are using and those who have transfered money to it in the past. First though, the art…

The art works for sale range from old masters to Picasso. Two of the paintings on offer are missing pieces that have been stolen and not recovered yet. The one that intrigues me the most is the Rembrandt piece “Christ In The Storm On The Lake of Galilee” which was stolen from the Isabella Stewart Gardner museum in 1990 and recently was being searched for just a few miles from where I live a year or two ago. This work has been missing since 1990 but was claimed to have been seen by a reporter who was taken blindfolded to an unknown location and shown the work unrolled lit by a flashlight.

Scan of original from Isabella Stewart Gardner Museum of Rembrandt Van Rijn Christ on Sea of Galilee

Image from darknet site. Not whole image of the painting

Now in looking at the image provided by the darknet site along side the image presented by the Isabella Stewart Museum of the lost work itself, you can see variance in the image already. The colors are not the same and there are subtle differences in the work itself. Also the image that is provided on the darknet is not the whole canvas that was lost in the theft in 1990. The image has no real EXIF data to work with either so I cannot tell if this was a copy from elsewhere on the net easily. I have hashed the image and will do a bit more searching to see if I can lock it to a specific sample. However, when using image search for this hosted image we get a plethora of hits that are very much like it.

By looking all of these you can see a great variance in the colors but most of them have the same cropped image to show you. all of this is just stuff to go down the rabbit hole on but my main concern here is that this site is offering forgeries, and in some cases forgeries of lost art …Which makes you wonder just who might buy it? In the case of the Rembrandt the cost of the painting for purchase in bitcoins is 7,000 Euro’s which as of today is $8.331.00 ! Eight grand for a forgery of a stolen painting! Oh and this guy claims that he has been doing this for years and not been caught all the while admonishing the buyer about the security around packages and shipping.

Anyway, the original Rembrandt that was stolen has a 3.2 million dollar reward on it so I guess eight grand for a forgery of it is a steal huh? Speaking of steal, I started looking through the image search engine for the other paintings on offer and low and behold the Raphael on offer was stolen in 1945 and the Picasso went missing in October 2012! So, looking for a forgery of a stolen work? Look no further than Fisher on the Darknet it seems.

Picasso Harlequin Head


Raphael: Portrait of a Young Man


Now where the searches got interesting on the images was from the two listed paintings with original photos; the Frederick H. Clark painting of a cottage in Martha’s Vineyard and the John Bunyon River School pieces both it turns out are photos that originated from where one can sell artwork and other things. If you look closely at the photos from the darknet forgery site and the images from playthemove they are identical. You can see that there has been some manipulation of the tones (contrast shift) but by looking at the background you can see that the backdrops are the same. So, the forgery site is using these images to show you “forged” paintings on offer. Now the playthemove site claims that these are original paintings for sale. So, either these images were cribbed from playthemove and used on the darknet (which I cannot prove as the images have been manipulated and metadata stamped out) or the same people at playthemove have taken second sets of these photos sans the time stamp that we see on playthemove.

Notice identical background folds and lack of time stamp on darknet sample (bottom)

Implies it is an original…


Same folds from playthemove but lacks the time stamp and has been edited (timestamp and curves)


Curiouser and curiouser no? Now the question becomes are the people selling these works on playthemove also trying to sell forgeries of the paintings in the darknet? Or was this just conveniently found online so they decided to use these because really, when you pay for them you will get nothing back? Which at this point one has to ask the question “Will you get anything from these guys?” I mean, caveat emptor in the darknet right? But what if you did get a copy? What if it really came? These two paintings are fairly odd in that they are not commonly known works that people are looking for so it begs the question, did someone have the original and decided to maximize their returns by making copies?

Interesting…. Oh and one more fun fact, they are wanting just a bit more for the fakes than the original sold for on playthemove!

Bitcoins and Wallets:

Next I looked at the bitcoin wallet that they are using on this darknet forgery site. The wallet (1DEKexRrsUadfiLF3gvzMCSMoBkmMHjRhV ) has 70 transactions on it and held about 8.10093985 BTC or the equivalent of $77,201.92 which is a pretty penny indeed. Of course the wallet is empty presently but that is quite the bit of traffic through there up to Oct 17 2017. The transactions spread out to numerous addresses and I started to go down that rabbit hole with Maltego but after a while it just became a morass. I may pick at this later on but the largest set of transactions happened in September of this year;

Overall I have not been able to see this wallet used on other darknet sites and I have yet to run into anything that could tip me off as to who may own the wallet or where else on the darknet it has been used with other entities. So we are back again to the whole idea of forgeries being sold as “forgeries” on the darknet. One has to ask are these being sold to people who will put them in their house or, do you think perhaps the goal here might be to sell these on to those who may try to pass them off as real to unsuspecting buyers in the art world?

This is an interesting conundrum for me because who would you sell a hot forged Rembrandt to? I mean, wow, you would have to then claim you are part of the cabal who stole it and entice someone to buy this highly known piece, stolen in a highly known robbery that the FBI and everyone else is looking for. Now that takes some major balls! Though, in the art theft world and grifter verse, I can see some of them trying to pull this one off. I mean if there were the mythical “collector” who was offered a painting like this, would they take the offer? Ok ok ok, so look at it this way, if you even got the painting in the first place from this site, to be able to turn that eight thousand dollar investment into say, five hundred thousand dollars to an unscrupulous buyer… WIN right?

Interesting… Very interesting.

I will keep an eye on this site and maybe send them an email asking some questions. If I see anything else I will update this piece.



Written by Krypt3ia

2017/11/27 at 19:59

Art Theft *Not* Funded or In Demand Because of “Rich Collectors”

leave a comment »

Karl Heinz Kind, who heads Interpol’s Stolen Works of Art unit, scoffed at the romantic, cinematic notions nurtured by “The Thomas Crown Affair,” which featured a stolen Monet, that rich collectors are behind art thefts.

“Pure fiction,” he said.

Full article here at the NY Times

Dear Karl,

You are full of shit as are all your friends who say the same thing. Sure, on average you cannot say that there have been a plethora of rich tycoons setting up heists. However, what you can extrapolate and you fail to do so for this article, is that it takes a wealthy individual with a desire to acquire such art, to PAY for it. Thus, the thieves always know that there will be at least three ways to fence the object;

1) They will make a ransom demand or a play for the reward for return of the art

2) They fence it and the fence hopes to find a fat cat buyer who “wants” it or knows someone else who does

3) They will try and turn it in for a reward

Really Karl, think outside the box a bit huh?



Now that I have that rant out of the way… Let me talk a little bit about this articles contention as well as a nice business that I think should be started up. As I mentioned in my rant, there has to be a “MARKET” in order to perform the crime and expect to be remunerated! Do you really think that Joe blow on the street is going to have the money to buy these illicit art pieces from the fence? I mean, am I just not seeing the big picture here or something? The illegal economy has its wealthy clients no matter what Karl has to say. Sometimes I will admit though, the client may not know the provenance of the piece.. As well as some may not “want” to know that provenance either right?

On the flip side, this article has some interesting things to say that are kind of contradictory again to the whole picture of the gentleman thieves and “daring do” of the classic cat burglar in film and story. Life IS imitating art here no matter how much the cops want to deny it. You see, the thieves are becoming more sophisticated in their intelligence gathering, their skill sets, and their heists in some cases. The recent heists involving stole art works have been mostly interesting crimes where there is very little evidence to follow on just who did the deed because they have been doing their homework, much like what you have seen in the movies (Oceans 12, Heist, Thomas Crown, etc)

In real life the heists like that of the Antwerp Diamond heist have very strong elements of planning that mirror the best of the heist movies out there. What’s more, as the article mentions, it has become a game or a puzzle that the thieves are proud of pulling off, it’s something to be proud of in their minds. Think about it though, why are all those heist movies so popular huh? We all want to be that smart and that daring right? It’s a part of our genetic makeup…

Simple fact is this.. If you could get away with it… You’d try... And that is the appeal of daydreaming about it.

Meanwhile, the museums today have been hit hard by recession and the lack of arts spending, so is it any wonder (as the article alludes to) that the systems that protect the art are sub par or broken? They don’t have the money to really protect it properly so they rely on security through obscurity. The other side of this is that most of the art is accessible to the public in close quarters. The Mona Lisa is behind bulletproof glass and vaulted, but that is only after the attacks on the Uffizzi that this really happened. All too often today, you can go up to a famous piece of art and see that there aren’t any real security systems around them or, as in the case of the Paris museum, the system had been in need of repair and known to at least 100 people.

You see, unlike all those films that we have seen with lasers protecting the art, the real stuff sometimes has absolutely NO SECURITY. In the case of the Picasso’s they were in the home of family and not wired. These guys had the audacity to go in while she was there and cut them from their frames! I personally saw a large collection of known works in a corporate building that I was there to do a security assessment of. None of the artwork was wired and in fact one of the pieces I liked best was right next to an fire exit door that was not alarmed either! I could have made off with a nice little Monet.


I put that in my report and the response wasn’t favorable. They in fact said it had nothing to do with their computer security.. I came back with:

“Well, if you aren’t going to protect your art masterpieces with alarms, how secure do you think you have protected your server room and your AS400?”

They shut up after that…

What it all comes down to is you have to take the due care to protect your valuables just like your data. If you can’t be bothered to do so, then you will lose it eventually.

The Mindset Change that has taken place in the criminal set too is also quite important. The article mentions that there are no groups that have specialized skills that work together. Well, wrong again. The “School of Turin” was an interesting group of men who had specific skill sets that worked together and honed their skills to pull off the Antwerp diamond heist. So that particular statement came right out of that Interpol officers ass… Which really makes me wonder what the fuck they are thinking…

Anyway, the criminals have been evolving with the hackers. That’s it right there. The hackers have adopted the methods not only of technical hacking but also elements of espionage tradecraft and surveillance. All of these techniques, when used together can coalesce into a heist planned out and implemented with precision. It is only natural then that teams of thieves going after targets would get individual players with specific skill sets to carry out their plans huh? The net net here is that if you want to steal that object of desire today, usually you have to have some technical know how and a plan.

Now, about that business idea… I have always liked the idea of being the art theft investigator. They play a role in most of the heist films, and they are usually the folks who are the recovery specialists for the insurance companies. I think though, that I would like to put a twist on that and be the penetration tester for museums to test their security. Now that would be a fun gig. A red team for the art world that is hired to break into museums and steal.. Well steal as much as you can huh?

This would be a great challenge I think… Of course given the state of things lately, perhaps not huh?

It would be an interesting job to have being technically inclined as well as having the interest and practice in physical security… I will have to ponder this some more…

Take a read through the article.. Then take your copy of “The Italian Job” and have a sit down….


Written by Krypt3ia

2010/08/27 at 18:24