Hawaii's missile alert agency keeps its password on a Post-it note
Last Saturday the people of Hawaii received a terrifying alert about a ballistic missile heading its way.
Fortunately the alert was a false alarm, caused by a worker who was supposed to send an internal test, and accidentally chose the wrong menu item.
It took a full 38 minutes for the Hawaii Emergency Management Agency (HEMA) to allay fears, and send out a correction.
Serious questions have been asked about how the bogus missile alert could have been sent out, and what can be done to ensure that members of the public are more rapidly informed if more mistakes occur in the future.
My feeling is that although there was no foul play behind the false missile warning, HEMA might be wise to also look at its general approach to IT security.
As Business Insider describes, evidence has come to light that some of the organisation’s staff might be in the habit of sticking Post-it notes containing passwords onto their computer monitors.
That in itself is far from ideal, but what’s even worse is that these Post-it note passwords have been caught on camera by the media, and available for anybody to view on the internet.
A photograph, taken by Associated Press back in July 2017, shows HEMA’s operations officer in front of a bank of computer screens at its headquarters in Honolulu. But if you look past Jeffrey Wong’s colourful Hawaiian shirt, and zoom in on the computers used to monitor potential hazards, you’ll see a solitary Post-it note.
My eyesight isn’t perfect, but it looks to me like it reads:
Now, there’s no suggestion that that is a password that could be used to remotely access computers at the agency, or indeed that it’s a password connected with the sending of alerts, but… it surely does say something about the state of security practices at what should be a considered a potential target for a state-sponsored attack.
Organisations who have previously accidentally revealed their passwords in front of the media’s unblinking gaze include BBC News, France’s TV5Monde (ironically in a news report about how it had been recently hacked), and the Super Bowl’s top secret security hub, amongst others.
If the media is visiting your office, it’s probably sensible to remove any passwords which could appear in the background. In fact, maybe it makes sense to remove any such visible passwords regardless of whether someone is likely to be pointing a camera around.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
FOLLOW US ON
You might also like
August 02, 2021
July 30, 2021