2 min read

Hawaii's missile alert agency keeps its password on a Post-it note

Graham CLULEY

January 17, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hawaii's missile alert agency keeps its password on a Post-it note

Last Saturday the people of Hawaii received a terrifying alert about a ballistic missile heading its way.

Fortunately the alert was a false alarm, caused by a worker who was supposed to send an internal test, and accidentally chose the wrong menu item.

It took a full 38 minutes for the Hawaii Emergency Management Agency (HEMA) to allay fears, and send out a correction.

Serious questions have been asked about how the bogus missile alert could have been sent out, and what can be done to ensure that members of the public are more rapidly informed if more mistakes occur in the future.

My feeling is that although there was no foul play behind the false missile warning, HEMA might be wise to also look at its general approach to IT security.

As Business Insider describes, evidence has come to light that some of the organisation’s staff might be in the habit of sticking Post-it notes containing passwords onto their computer monitors.

That in itself is far from ideal, but what’s even worse is that these Post-it note passwords have been caught on camera by the media, and available for anybody to view on the internet.

A photograph, taken by Associated Press back in July 2017, shows HEMA’s operations officer in front of a bank of computer screens at its headquarters in Honolulu. But if you look past Jeffrey Wong’s colourful Hawaiian shirt, and zoom in on the computers used to monitor potential hazards, you’ll see a solitary Post-it note.

My eyesight isn’t perfect, but it looks to me like it reads:

Password: Warningpoint2

Now, there’s no suggestion that that is a password that could be used to remotely access computers at the agency, or indeed that it’s a password connected with the sending of alerts, but… it surely does say something about the state of security practices at what should be a considered a potential target for a state-sponsored attack.

Organisations who have previously accidentally revealed their passwords in front of the media’s unblinking gaze include BBC News, France’s TV5Monde (ironically in a news report about how it had been recently hacked), and the Super Bowl’s top secret security hub, amongst others.

If the media is visiting your office, it’s probably sensible to remove any passwords which could appear in the background. In fact, maybe it makes sense to remove any such visible passwords regardless of whether someone is likely to be pointing a camera around.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds
Silviu STAHIE

October 04, 2022

2 min read
German Police Arrest Three People Accused of Running Massive Phishing Campaign German Police Arrest Three People Accused of Running Massive Phishing Campaign
Silviu STAHIE

October 03, 2022

1 min read
Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read