from the fafo-as-a-service dept
If you feel this nation is beset on all sides by the inequities of the selfish and the tyrannies of evil men, you probably should be scared shitless that the clowns are running the circus. Of course, those backing Trump aren’t truly concerned about any of this, not even those running his agencies and/or repeating the lie that the mere existence of foreign people on our soil is an act of war.
Area drunk/The War Room Is Now The Green Room Defense Department head Pete Hegseth is probably the tip of the iceberg, but his DM indiscretions are not solely his own. When a journalist got added to a war plans Signal chatroom, there was cause to be concerned, especially once one was done laughing. When Hegseth was so desperate for personal interaction, he decided to share war plans with his wife and members of his family, there was even more reason to be concerned, especially when the Trump Administration decided to stand by its man, even when that man routinely appeared to be incapable of standing on his own.
America is feeling less like a nation and more like a frat house whose occupants are so self-deluded they think they’re capable of handling anything more than tapping a fresh keg. Perhaps that’s why we’re being subjected to nationwide hazing, which appears to take the form of being shipped off to a foreign maximum security prison for the rest of whatever.
The fun never stops. Top level NATSEC folks are being stupid and not very secure on main, exposing a bunch of stuff to journalists these department heads are fully aware are present. Here’s some more stupidity from a Trump official, which 404Media’s Joseph Cox has the kindness to say was an accidental revelation:
Mike Waltz, who was until Thursday U.S. National Security Advisor, has inadvertently revealed he is using an obscure and unofficial version of Signal that is designed to archive messages, raising questions about what classification of information officials are discussing on the app and how that data is being secured, 404 Media has found.
On Thursday Reuters published a photograph of Waltz checking his mobile phone during a cabinet meeting held by Donald Trump. The screen appears to show messages from various top level government officials, including JD Vance, Tulsi Gabbard, and Marco Rubio.
“Inadvertently” might be true, but “stupidly” is far more accurate. I mean, we all had a good laugh when Kanye West scored an audience with Trump during his last presidential term and revealed his device security habits were just as solid as his personal judgment skills.
For what it’s worth, Waltz is no longer the nation’s national security advisor. Instead, he being turfed to UN Ambassador duty, which pretty much just means running interference for whatever new war-like expansionist plan Trump happens to announce during upcoming press conferences and media appearances.
Don’t breathe a sigh of relief just yet, though. It appears the remarkably under-qualified Marco Rubio will not only be failing to competently run the State Department, but he’ll also be required to collect and collate national security briefings the president will never read.
Say what you will about Signal, but this isn’t a Signal problem. It’s a Hegseth-Trump-Waltz-etc. problem. Signal is secure. But that security means nothing when deployed by extremely stupid people. Former NSC advisor Waltz is stupider than most, not only for logging in while in camera range of journalists, but for using a third-party app that deliberately undermines the privacy protections offered to users by Signal.
The Reuters photo shows Waltz’s phone asking him to input his “TM SGNL” pin. This is not part of Signal’s software. It’s a third-party app that offers functions Signal decidedly does not.
TM SGNL appears to refer to a piece of software from a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them. A page on TeleMessage’s website tells users how to install “TM SGNL.” On that page, it describes how the tool can “capture” Signal messages on iOS, Android, and desktop.
Even if others in war plans chatrooms might have taken the precaution of utilizing the auto-delete function, TeleMessage allows users to undercut that privacy/security function. On top of that, it makes it clear top officials using products like these do have the capability of preserving official government communications even while using Signal, which means they shouldn’t be allowed to claim otherwise when responding to lawsuits, public records requests, or public records request lawsuits.
But, of course, using TeleMessage presents its own security issues. It’s certainly not an officially supported offering by Signal, which makes it a target for hackers, and hackers have descended. On Monday it was reported that the app has been hacked:
A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.
The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.
So even if you believe that using Signal was safe because of its end-to-end encryption, the fact that they were using TeleMessage basically meant that they put a man-in-the-middle attack into their own Signal chats, making it that much more insecure. So insecure that it was hacked.
In other words, the one single redeeming quality of them using Signal (“well, at least it uses end-to-end encryption”) was done away with via their own actions.
And then, after the hack was revealed, TeleMessage announced that it was… shutting down the service at least for the time being.
TeleMessage, the app that President Donald Trump’s former national security adviser, Mike Waltz, appeared to use to archive his group chats, has suspended all services after hackers claimed to have stolen files from it.
A spokesperson for Smarsh, the company that owns TeleMessage, said Monday that the company “is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation.”
“Out of an abundance of caution, all TeleMessage services have been temporarily suspended,” the spokesperson said.
Normally, if the government is using a system for important classified information sharing it would be thoroughly tested and carefully vetted. Here, it appears that none of that was done. Beyond the texting of war plans to a journalist, outside the texting of war plans to family members, here we have these officials using a sketchy third party app that obliterates the value of end-to-end encryption by mirroring the conversations to an insecure third party Israeli company, who was quickly hacked.
And, it appears, the hackers were able to obtain fairly real time messages:
One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side – 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”
This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.
This is base-level dumb. We expect better from our government officials, even if they’ve decided to be just another yes man trapped in Trump’s orbit. This casual stupidity isn’t limited to the moments captured by visiting journalists. It infects everything in the nation at this point because if there’s anything the Trump Administration values more than cruelty, it’s blind loyalty. And no one anywhere has ever considered those traits to be indicative of intelligence. But, for now, those are the traits that get you closest to the power, so that’s what we’re stuck with.
Filed Under: defense department, jeffrey goldberg, mike waltz, national security, national security advisor, pete hegseth
Companies: signal, telemessage
