xorl %eax, %eax

OPSEC fail: Hawaii Emergency Management Agency

leave a comment »

The past few days Hawaii Emergency Management Agency became popular in the news due to a false emergency alert which was a result of human error along with badly designed UI. This media attention brought to light some bad OPSEC practices from this agency.

News agencies start digging for content for the Hawaii Emergency Management Agency and brought up a news article from 22 July 2017 titled “North Korea Missile Threat ‘Unlikely,’ But Hawaii Prepares”. This news article from Associated Press included some high resolution photos. One of them was the following which shows Jeffrey Wong, the Hawaii Emergency Management Agency’s current operations officer and it was taken at the agency’s headquarters in Honolulu on 21 July 2017.

The photo reveals various details about the agency including the software used, internal discussion board, naming conventions, etc. However, the following close up gives some really interesting insights.

On the far right in the above photo we have a paper with the SWP (State Warning Points) call list that includes phone numbers per region. Then each of the two monitors has a Post-It note. The right one (WP2) says “Sign out” and the left one (WP1) says “Password Warningpoint2”. So, multiple operational security failures in this agency as well as the AP photographers and journalists that did not censor all those sensitive details from the photos before publishing them.


Written by xorl

January 17, 2018 at 10:10

Posted in opsec

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s