The Mona Lisa Heist

by

This CTF is now closed for submission. You may still attempt to play, but we cannot guarantee all parts still work as intended.

Rules

  • CTF will be open to submissions until 31.07.2022 at 22:00 EET
  • You can browse the question submission without submitting right away
  • After submission you receive an email with your answers and your certificate of completion

Mission Briefing

from[email protected]
to[email protected]
date: July 01, 2022, 21:00 EET
subject: Briefing “The Mona Lisa Heist”

Well good evening,

As you’ve probably heard in the news recently, the Mona Lisa was stolen from the Louvre Museum in Paris. Together with a variety of other high profile heists, INTERPOL believes these are all linked to the same organization. As of now we do not know which that would be. The most prominent paintings  recently stolen, which are believed to be taken by the same organization:

Watercolors – Marc Chagall

An Allegory – Sandro Botticelli

La Bella Principessa – Leonardo da Vinci

Portrait of Alexander Mornauer – Hans Holbein

The passion – Hans Holbein

Lady with an ermine – Leonardo da Vinci

The Annunciation – Sandro Botticelli

America Windows – Marc Chagall

The School of Athens – Raffaello Sanzio da Urbino

The Starry Night – Vincent van Gogh

American Gothic – Grant Wood

The Persistence of Memory – Salvador Dali

Mona Lisa – Leonardo da Vinci

The operations undertaken to heist these paintings have a lot of similarities. Camera footage is missing or replaced with seemingly still footage. Guards did not find anything, the alarms are disabled and no forced entries from the outside. CCTV footage is still being examined to find people who entered but haven’t left. So far it is believed the criminals wear disguises, even if we find unaccounted people, it might lead nowhere.

Given the camera’s malfunction, guards incompetence and alarms not going off, we suspect inside jobs. Or at least partially. This means interrogations are ongoing with all security personnel from the involved venues. We believe the only place these painting will show up are the underground markets, either online or offline. Regular buyers will stay away from these stolen goods. This leads INTERPOL to believe they are stolen out of personal interest, or to be sold to other criminals.

For months the case has gone without any leads. However, just this week, we were able to compromise an email account. The account contained one email. Forensics into this email did not lead my team anywhere. Which is why our hope of finding anything now rests with your team. We need your OSINT magic to figure out where the next heist will take place, so we can lay a trap for the thieves. Given their global profile, it is impossible to predict where they would strike next.

Here you find the contents of the email, please let us know what you find.

Alright one of the paintings we're going to hit has it's description hidden in the riddle that follows from the resolution below:

0-4      maUjVifKaNU
0-2      CdZDXKVuMlE
0-2      D7vCxL45Jn8
2-5      1GEFhh1kxuY
0        Yykfw9eNA5s
1-4      v72zb9_dxnA
2-3      Eo4s1o-u1wU
2-5      XAH4Ovuyjxg
0        l0WKYlaqKq4
1-3      9T6HGC-m8zU
1        ipf7ifVSeDU
1        1EpuHGMn7B0
0-2      dS71chsx104

Other heist is included in the plans with images of how we're doing that one. You will receive the details on the exact locations in another way.

/;;7:_TT)0;[email protected];U.\w

Best Regards,

Dimitri Zechev
Head of Red Team Operations
Tiberian Serpent HQ

Disclaimer

ANY MENTION OF REAL LOCATIONS, PEOPLE, COUNTRIES, ORGANISATIONS AND SUCH, ARE NOT AFFILIATED WITH HACKTORIA, OR OUR CHALLENGES. THESE ARE INCORPORATED INTO OUR STORIES TO MAKE THEM MORE IMMERSIVE AND RELATABLE. PLEASE DO NOT CONTACT ANY ORGANISATION, GOVERNMENT OR INDIVIDUAL, OTHER THAN THOSE EXPLICITLY MARKED FOR INTERACTION IN OUR CHALLENGES. ALL ACCOUNTS, LINKS, PEOPLE AND MATERIALS CONTAINING IMPORTANT INFORMATION ARE INCLUDED IN THE CTF BRIEFING.
– Players will never have to incur costs to complete a CTF, for example calling phone numbers
– No hacking unless explicitly mentioned for the specific CTF
– Our CTF’s are fictional events, any resemblance to real events is purely coincidental
*All copyrighted materials shown, belong to their respective owners, and they are used for educational purposes only. Any reproduction is prohibited.

8 thoughts on “The Mona Lisa Heist”

  2. Has anyone got anywhere with the hints?
    I have tried pretty much every option on Cyberchef, but have not achieved any meaningful result.

    Reply

  3. Great challenge! The only part not clear for me was the distinguishing between real or fake paintings. I also hope that answers will be checked manually because I’m pretty sure I solved the whole challenge but got only half of the points.

    Reply

    • Hey, this challenge does not have a manual review. But if you’re unsure about some questions just reach out and we can double check them. There’s also no limit to your amount of tries to get the answers correct 🙂

      Reply

Leave a Comment