1. Mick West

    Mick West Administrator Staff Member

    Hawaii officials say missile alert was a mistake .
    http://www.sandiegouniontribune.com/news/nation-world/la-na-hawaii-missile-alert-20180113-story.html
    Must have been pretty terrifying for a large number of people. The root cause is going to be some kind of human error, but of course it's going to get called some kind of "False Flag", from the "there are no accidents" crowd.


    Source: https://twitter.com/JenniferSpaw/status/952260122855854083



    Source: https://twitter.com/DazAltTheory/status/952263705416355840


    Source: https://twitter.com/holddaphone/status/952257311401132032
     
  2. Mick West

    Mick West Administrator Staff Member

    Full text of the false alarm warning:
    http://ipawsnonweather.alertblogger.com/?p=18764
    The audio link is still active (11:53 AM PST), attached.
     

    Attached Files:

  3. Mick West

    Mick West Administrator Staff Member

    Full Text of retraction

    So warning sent at
    2018-01-13T11:07:08-07:00

    Retracted at:
    2018-01-13T11:45:00-07:00

    38 minutes later.

    There were earlier corrections in the media and twitter.
     
    Last edited: Jan 13, 2018 at 12:04 PM
    • Informative Informative x 1
  4. Leifer

    Leifer Senior Member

    There are several Youtube prank videos where...... somewhat realistic and displayed "emergency broadcast system warnings" would appear suddenly on the family's TV, and are staged to scare (prank) family members or friends into thinking missiles are "inbound" or some other horrible impending disaster, and their reactions are recorded and uploaded.
    I'm not suggesting this was the case here, but I am keen to find-out if the EBS in this case was genuinely an accident, or the EBS system was hacked somehow ?

    EBS = Emergency Broadcast System https://en.wikipedia.org/wiki/Emergency_Broadcast_System
    now often called...
    EANS = Emergency Alert Notification System

    Amber Alerts... are sent to cell phones and in the US, called the WEA,...Wireless Emergency Alert system, sent to all WEA enabled cell phones.

    (from Mick's link, San Diego Tribune)
     
    Last edited: Jan 14, 2018 at 5:07 AM
  5. Hevach

    Hevach Senior Member

    Governor Ige was on CNN and said the cause had been determined. Somehow (in his words, "somebody pressed the wrong button," that could be literal or it could be a simplification) the alert got triggered during a shift change, which delayed identifying and fixing it.


    It seems to me if it were that trivial to trigger it would be equally trivial to fix, but it's conceivable that because it's a serious alert with a likely short warning period that it could be made easier to issue than to take back. And this is an alert that's never been issued and never had to be taken back, so I can imagine a bunch of people flipping through disused manuals trying to figure out how to fix it, probably with a fair amount of blame passing going on.

    Every job I've had, shift changes are the worst time for shit to hit the fan. You've got twice as many people in the building, but half as many on the job and sometimes unclear lines on just who's responsible for what because there's two people for every seat.

    If the person who screwed up was basically out the door when it happened, their replacement needs to figure out what they did and how. And if they didn't realize it was a mistake and instead got the alert as they left work... Well, some people will immediately think they could have screwed up and go back in to see, and some people will be absolutely sure they didn't and join the panic, calling their loved ones is going to be more important than going back to work and clocking a few minutes for a job you don't think you'll live to be paid for.


    Edit: A few other sites I go to have a lot of discussion on how differently this would have played out with a different president, because Trump was golfing and according to some reports didn't answer his phone (according to others he wasn't called, which I find more likely as I explain below). The three flavors of this claim:

    A. If he'd been at work he would have authorized retaliation based on a false alarm
    B. If it'd been some other president *they* would have authorized retaliation based on a false alarm
    C. If it had been some other president, they would have been on TV allaying fears


    A and B are both silly. This was a state level emergency broadcast system. Even if a president is utterly off his rocker like Martin Sheen in The Dead Zone, the joint chiefs and secdef aren't going to be on board with a second strike based on a state emergency alert when launch detection systems are quiet, and NORAD's not going to go to DEFCON 1 over an alarm not coming from their own systems.

    C is... Well, maybe. It's true Trump has restricted media access more than the last several presidents, who have been perpetually trailed by a media circus wishing to happen, but 40 minutes is still a tight window. On 9/11, George W Bush hastily threw together his first TV appearance in a Florida school room where he'd been doing a photo op, and that took 44 minutes after the first attack.
     
    Last edited: Jan 14, 2018 at 7:42 AM
  6. Mick West

    Mick West Administrator Staff Member

    There's some more details here:

    So something like this hypothetical sequence of commands

    > PASSWORD? ****************
    > COMMAND? SEND WEA IBML-3
    > TEST? (Y/n) N
    > CONFIRM NON-TEST WEA (y/N) Y
    > TYPE "SEND" TO SEND WARNING: SEND

    Now since it's "just" a warning, the safeguards were a bit less strict than sending nuclear missiles, so that allowed a distracted person to make two or three mistakes, and bam!
     
    • Agree Agree x 1
  7. Graham2001

    Graham2001 Active Member

    Wikipedia has a list of 'false alarms' using the both the Emergency Alert System and the preceding Emergency Broadcast System, there was an incident in 1971 where someone put the 'wrong tape' into the machine during an exercise and triggered a nationwide alert.

    More pertinent to this event are the testing errors in the 2000's especially the September 2017 incident in California where the end-of-test message was not sent and a bible reading from one of the regional affiliates of the station that handles the emergency alert system, containing the words "extremely violent times will come" was broadcast over a wide area.

    https://en.wikipedia.org/wiki/Emergency_Alert_System#Incidents

    As to the scenario Mike outlines, it's very real and has happened in the past in other circumstances, the classic example is the 1974 crash of Northwest Airlines Flight 6231, where the crew took off with engine heaters on/pitot tube heaters off after someone in the cockpit flipped switches apparently without checking what he was doing. This resulted in false speed readings being sent to the crew, who stalled the aircraft as a result

    https://en.wikipedia.org/wiki/Northwest_Airlines_Flight_6231
     
  8. Hevach

    Hevach Senior Member

    (Edited to a better source)
    http://www.businessinsider.com/hawa...red-in-photo-sparks-security-criticism-2018-1

    Some details, both from the state agency and from internet sleuths.


    Source: https://twitter.com/CivilBeat/status/953127542050795520/photo/1


    This tweet has a picture of the interface for the system, which appears to be HTML based. The person responsible clicked on "PACOM (CDW) - STATE ONLY" when they were supposed to click "DRILL - PACOM (CDW) - STATE ONLY." Procedures were the same from there so by the time the error was realized the alert had been sent.

    There's another bit in the above article, but it goes back a ways. Last July, agency operations officer Jeffrey Wong posed for an AP photograph in which two suspicious post-it notes are visible on monitors. On one is a legible password, and on another is a reminder to sign out when you leave your station. According to the agency, the password was real, but was to an internal system not exposed to the internet, and had expired and been changed before the false alarm. But critics are using it to ask questions about their cybersecurity practices anyway.


    This is a classic example of how robust password policies can actually degrade security. Passwords, especially shared passwords that many people need to know, get written down and left out. Overly complex or frequently changed passwords get written down as well, and the only people being kept out of accounts are their owners.



    Lastly: http://www.cnn.com/2018/01/16/asia/japan-false-missile-alarm-intl/index.html

    The broadcaster NHK in Japan ALSO issued a false ballistic missile J-alert, but only through their phone app and not general emergency channels as happened in Hawaii. Unlike the US, where this is an alert that's never been issued in earnest, Japan has issued these alerts, such as last year when North Korea launch missiles over Japanese airspace, so while people take them seriously, there's perhaps less of an edge of panic to them compared to what we saw in Hawaii.
     
    Last edited: Jan 17, 2018 at 12:17 PM
  9. sharpnfuzzy

    sharpnfuzzy Member

    That is not a screenshot of the actual system. So far it seems that no actual screenshots have been released for security reasons. Those are merely mockups of the options available to operators of the system.



    Having experience with government IT systems, I'm surprised that false alarms like this don't happen more often. The operators should be applauded for being able to navigate the maze of bad UI correctly 99.9% of the time.
     
  10. Leifer

    Leifer Senior Member

    You mean pressing the weekly "system test button", rather than the "not a drill" button ?
    On my Windows machine, I can't install an app without at least 2 definite (decision) clicks.
     
  11. sharpnfuzzy

    sharpnfuzzy Member

    You can be guaranteed for a fact that the system they're using for this critical process has had much much less time, thought, effort, and money invested into it than Windows.
     
    • Agree Agree x 1
    • Funny Funny x 1
  12. Hevach

    Hevach Senior Member

    Yeah, a lot of business and government systems are like that. Training and accountability are cheap, robust software engineering is expensive.