Opinion: Just when it seems they couldn’t be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops’ lives in danger.
In Signalgate part 3, or possibly 4 — we’ve lost track — on Thursday it came to light that US Defense Secretary Pete Hegseth had an insecure internet connection set up in his office so that he could use Signal on a personal computer.
This followed earlier revelations that the defense secretary used the encrypted messaging app on his personal phone to share sensitive details about military operations in Yemen among multiple Signal groups. One of these was set up by national security adviser Michael Waltz and inadvertently included the Atlantic’s editor-in-chief. Plus, Hegseth himself created at least one other that included his wife, brother, and personal attorney, and again involved the sharing of military plans.
Plus, Waltz and other members of the US National Security Council reportedly used their personal Gmail accounts to exchange information about an unnamed, ongoing conflict, including details about military positions and weapons systems.
All of these incidents should raise security concerns, for several reasons. They involve White House officials discussing military operations using commercial apps and services, on personal devices that are connected to the public internet. Foreign spies routinely target government officials, along with their personal email accounts and mobile phones, for surveillance and snooping.
And even if they are using Signal, which is considered the gold standard for end-to-end chat encryption, there’s no guarantee their personal devices haven’t been compromised with some sort of super-spyware like Pegasus, which would allow attackers to read the messages once they land on their phones.
“It is certainly a massive concern,” said John Ackerly, who previously worked in the George W Bush White House as a tech advisor before co-founding encryption business Virtru.
“Secure networks for national defense communications are there for a reason: Because other telecom services do not have adequate protections in place to ensure the protection of highly sensitive data,” he told The Register.
“It is no secret that our adversaries are trying every method possible to infiltrate American systems and access sensitive information,” Ackerly added.
“The Salt Typhoon and Volt Typhoon campaigns out of China demonstrate this ongoing threat to our telecom systems. Circumventing the Pentagon’s security protocol puts sensitive intelligence in jeopardy.”
In most cases this would seem to be a fireable offense. But the Trump administration isn’t one for norms — or, it seems, cybersecurity.
Folks in IT security are known to say “security is a team sport” and talk about how they are creating a “security culture” in their corporate environments. In this case, America is screwed.
Our team leaders don’t play by the rules, and they certainly aren’t creating a lead-by-example culture on why things like data privacy and secure communications are important and how cyberthreats can have real-world consequences.
There were undoubtedly lessons to be learned about how China’s Salt Typhoon breached American government and telecommunications networks — and how to prevent system intrusions like