- How to stream Tottenham Hotspur vs. Watford Friday 9:00 PM
- How to stream Barcelona vs. Eibar Friday 6:00 PM
- How to stream ‘Bigfoot’ Silva vs. Gabriel Gonzaga in BKFC Friday 6:00 PM
- Demi Lovato’s nude photos allegedly leaked on Snapchat Friday 3:07 PM
- NBA TV is the new streaming service for basketball fanatics Friday 3:02 PM
- California residents will get cell phone alerts seconds before earthquakes Friday 2:29 PM
- How to stream Real Madrid vs. RCD Mallorca Friday 2:00 PM
- Trump accused of ‘using the language of ethnic cleansing’ regarding Kurds Friday 1:42 PM
- Hillary Clinton also thinks Tulsi Gabbard is a Russian bot Friday 1:13 PM
- TikTok girls dancing to voicemails from sh*tty exes is a vibe Friday 12:34 PM
- Netflix reports strong growth—but it faces 3 major hurdles in Q4 Friday 12:33 PM
- Telegram is hosting videos of extrajudicial killings in Syria Friday 12:32 PM
- ‘El Camino: A Breaking Bad Movie’ tops 8 million viewers in first week Friday 11:31 AM
- ‘Uncut Gems’ brings a high-stakes gambling risk to life Friday 11:29 AM
- Mark Zuckerberg gives a revisionist history about why he started Facebook in big speech Friday 10:52 AM
On Saturday, people in Hawaii woke up to a ballistic missile alert that was accidentally transmitted by a Hawaii Emergency Management Agency (HI-EMA) worker who pressed the wrong option in a drop-down menu. The incident raised questions about the security of an agency tasked to warn residents of serious threats.
Now, an Associated Press image that started circulating across the internet on Tuesday is adding insult to injury. The photo shows a HI-EMA employee standing in front of a desk filled with monitors. On the frame of one display is a Post-it note with writing on it. Zoom and enhance and you’ll see a password written in big letters.
A spokesperson at the agency confirmed to Hawaii News Now that the password is legitimate but was for an “internal application” they believe is no longer in use. The image was originally taken in July 2017 so it’s possible the software was still active when it was first uploaded. Regardless, the photo shows a lack of understanding of security best-practices from an agency tasked to inform millions of a potential threat.
People on social media responded in disbelief, opening discussions about the level of training required of emergency management workers. Writing down passwords is one of the worst security errors you can make. It’s forgivable if you do so in a secret notebook, but broadcasting it to everyone in your office (or in this case, the internet) is inexcusable.
The password to the Hawaii alert system on a post it note stuck to the face of the monitor. Broadcast live on TV for the whole world to see. Government total incompetence on display. https://t.co/y8jmplFPS5— name redacted (@nameredacted5) January 16, 2018
Do you want more cybersecurity training? Because that’s how you get more cybersecurity training. https://t.co/cf4PGECisw— Crispin Burke (@CrispinBurke) January 17, 2018
Around the time the image was going viral, the HI-EMA published a representation of the system it uses to send out emergency alerts—the same sort of UI that was used when the false missile alert was accidentally transmitted. The interface was criticized for its archaic appearance and confusing layout, leading to another round of harsh questioning from concerned residents.
This is the screen that set off the ballistic missile alert on Saturday. The operator clicked the PACOM (CDW) State Only link. The drill link is the one that was supposed to be clicked. #Hawaii pic.twitter.com/lDVnqUmyHa— Honolulu Civil Beat (@CivilBeat) January 16, 2018
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.