Last month, the National Security Agency issued an unclassified bulletin titled Signal Vulnerability. It began:
(U) A vulnerability has been identified in the Signal Messenger Application. The use of Signal by common targets of surveillance and espionage activity has made the application a high value target to intercept sensitive information.
(U) Russian professional hacking groups are employing the "linked devices" feature to spy on encrypted conversations. The feature allows the chat and voice messenger application to be utilized on multiple devices concurrently. The hacking groups embed malicious QR codes in phishing pages or conceal them in group invite links. After gaining access via the malicious code, the groups add their own devices as a linked device. This allows the group to view every message sent by the unwitting user in real time, bypassing the end-to-end encryption.
Several weeks later, the man overseeing the National Security Agency, Secretary of Defense Pete Hegseth, discussed war plans and other deeply sensitive information on a Signal text chain.
Joining Hegseth in the chat were leaders of the Trump Administration’s national security team, including Steve Witkoff, Donald Trump’s Ukraine and Middle East envoy. Witkoff was in Moscow when CIA Director John Ratcliffe texted the name of an intelligence asset on the Signal app.
CBS provides the timeline:
During the group discussion on Signal… Ratcliffe named an active CIA intelligence officer in the chat at 5:24 p.m. eastern time, which was just after midnight in Russia. Witkoff's flight did not leave Moscow until around 2 a.m. local time, and Sergei Markov, a former Putin advisor who is still close to the Russian president, said in a Telegram post that Witkoff and Putin were meeting in the Kremlin until 1:30 a.m.
Witkoff should have been aware that his electronic devices would have been compromised the moment he set foot in Moscow. During the Sochi Olympics more than a decade ago, Americans were warned that their personal information would be hacked the moment they set foot in Russia. Back then, ABC News reported:
U.S. officials generally are required to trade in their regular smartphones for "clean" devices when traveling to countries such as Russia and China, which have the most sophisticated spy operations. The assumption of government security officers, based on past experience, is that smartphones operating on foreign networks are easily compromised by foreign intelligence services.
The Russian electronic surveillance program, called SORM, rivals any American domestic FBI or NSA surveillance program -- with one key difference: the Russians don't need the formality of a court order to suck up all of the targeted person's data, which is archived for three years.
Security services are, as required by law, hardwired into the communications infrastructure here so they don't need the phone and internet companies to give them the data.
Witkoff did not post a text to the Signal group chat until he landed back in the United States, but he has refused to clarify whether any device that accompanied him to Russia included the Signal app. Similarly, none of the participants in the group discussion have disclosed which devices they were using to communicate with each other about highly classified material.
In testifying before Congress yesterday, Ratcliffe admitted that, “One of the first things that happened when I was confirmed as CIA director was Signal was loaded onto my computer at the CIA as it is for most CIA officers.”
Let that sink in: the director of the Central Intelligence Agency just testified publicly that the nation’s spies routinely use a commercially available app that the National Security Agency has deemed “a high-value target” for hostile foreign intelligence services.
Why was Ratcliffe, the nation’s top spy, unaware that one of the people with whom he was sharing a covert officer’s name was, at that precise moment, meeting in the Kremlin with the leader of a hostile foreign power — a hostile foreign power that has the capability of hacking both into Signal and, more broadly, into phones on its soil?
More to the point, why bother issuing guidance about the vulnerability of Signal to Russian hacking if the very people under whose auspices the guidance is issued ignore it?
Finally, in using Signal, Hegseth violated the very policies of the Department of Defense that he oversees. Even if none of what he discussed on the Signal chat was classified (and war plans and the name of a covert CIA operative very much are), the guidance issued in February by his own agency is crystal clear:
Please note: third party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information (e.g. Protected, FOUO, CUI, etc.). Any use or application must abide by DoD and NSA/CSS policy.
Further Reading:
NSA: F9T53 OPSEC Special Bulletin
CBS News: NSA Warned of Vulnerabilities in Signal App a Month Before Houthi Strike Chat
CBS News: As Top Trump Aides Sent Texts on Signal, Flight Data Show a Member of the Group Chat was in Russia
ABC News: What to Know About Signal, which the Pentagon Previously Discouraged Workers from Using
Colorado Politics: Michael Bennet Presses Top Intelligence Officials Over Signal Chat Leak
ABC News: The Other Sochi Threat: Russian Spies, Mobsters Hacking Your Smartphones
One More Thing:
I visited the Grand Canyon and Sedona, Arizona yesterday and am still in disbelief over the beauty that I was lucky enough to see. No photograph can ever do either of these stunning places justice but enjoy a few of these snaps anyway.
(The Southern Rim of the Grand Canyon)
(Sedona)
The current US administration simply does not view Russia as a foe. On the contrary, the incompetent idiot that is POTUS and all his idiots installed, are clearly closely aligned with any Kremlin agenda.
Never ever have so many people suffering greatly from the Dunning-Kruger effect been assembled in one administration.
Absolutely!! Back in February the warning came out. End-to-end encipherment is breakable - and apparently Russian operatives did it.