"SignalGate" is Worse Than You Thought
Competence is rare in the administration of cult leader, convicted felon, and failed President Donald Trump, but the number of potential security issues exposed by the use of Signal and its derivatives by top Trump officials is simply astounding.
So much happens with the administration of cult leader, convicted felon, and failed President Donald Trump that I can't keep up with everything. There are topics about which I plan to write, but from which I get distracted by other topics. In some cases, the missed topics are overtaken by events and, at other times, they just fall out of the news. I want to go back to one topic that is no longer in the headlines, but still deserves some discussion. That is the use of the Signal messaging application by Trump administration officials.
Signal is a messaging program developed by the non-profit Signal Foundation. The program is open source, which means that anyone can download and modify the source code. Signal is best known for its use of end-to-end encryption, which means that eavesdroppers who capture traffic between participants should not be able to read the conversations held using the application. Signal received significant publicity when former Trump National Security Advisor Michael Waltz used it to arrange a chat involving high-level members of the Trump administration, including Vice President J. D. Vance, Secretary of Defense Pete Hegseth, and Secretary of State Marco Rubio. The chat group was arranged to discuss the pending U.S. bombing of the Houthis in Yemen, but Waltz inadvertently included the editor of "The Atlantic", Jeffrey Goldberg, in the chat. Subsequently, Goldberg revealed a transcript of the conversation, including detailed war plans posted by Hegseth.
As this experience shows, Signal, while providing secure communications, is not fully secure. It does not, for instance, prevent human error that can lead to unwanted participants such as Goldberg being included in a chat. Moreover, while the data is secure while in transit, it is not secure on the devices being used to participate in the chat: every participant's device holds the decrypted messages. That is how Goldberg was able to make screenshots that he reproduced later to reveal what had been discussed. In addition, because Signal is not an application authorized for transmitting classified information, the participants were likely using personal devices with lower security controls than their government-provided devices. If any of those devices had been compromised, the hacker would likely have had access to the Signal chats as well.
The Washington Post reported that Hegseth had Signal installed on a computer in his Pentagon office where there is no cell phone coverage. The Post suggested that this might have been a second computer installed in Hegseth's office for this purpose. Hegseth "bridged" the Pentagon's classified network with Signal by pulling classified information from the government network and posting it on Signal where Goldberg was able to make screenshots. Hegseth is also reported to have posted the same information in a second Signal chat group that included his wife and brother among others. To make matters worse for Hegseth, the Associated Press reports that in order to use Signal on the computer in his office, he had an Internet connection established in his Pentagon office that bypassed the Pentagon's security protocols. As a result, Hegseth was communicating highly classified information by using an unauthorized application over an insecure Internet connection, possibly on a personal device that lacked Pentagon security requirements, and including participants who lacked security clearances. There is hardly a security violation that he didn't commit.
Things would be bad enough if they stopped there. But, unfortunately for Waltz, and possibly for U.S. security, they didn't stop there. Waltz's Signal addiction appears to be such that he could not control himself even while participating in a cabinet meeting being held by Trump. Photographers caught him looking at his phone with what appeared to be the Signal application open. The picture revealed a number of Waltz's contacts including Vance, Director of National Intelligence Tulsi Gabbard, Rubio, and de facto Secretary of State Steve Witkoff. However, sharp-eyed observers quickly noticed that Waltz was not using the official Signal client, but rather a version known as TeleMessage Signal or TM Signal. There is some irony here. When the use of Signal by top Trump officials was revealed, there were many criticisms leveled at the administration. Most of those were due to the security implications. But several critics also argued that federal laws requiring retention of records were being ignored. One feature of Signal — a feature that Goldberg's screenshots revealed was being used — is that it can delete conversations after a configurable length of time. Therefore, many suggested, the chat participants violated federal law by not preserving records of their conversations. A feature of TM Signal is that it can archive messages. Therefore, Waltz may have chosen the Signal clone in order to comply with record retention laws. However, this opened additional security vulnerabilities.
As mentioned above, Signal is open source. That means that anyone can download the source, modify it, and create their own Signal program. One company that did exactly this is TeleMessage, an Israeli company founded by a former Israeli military intelligence officer. Whether intentionally or by accident, TeleMessage also made their modified source code for the Android client publicly available. As a result, information security journalist Micah Lee was able to analyze TeleMessage's modifications. What he discovered was very disturbing. TeleMessage's version of Signal stores a copy of each message received by the application in a database. Periodically, the messages are copied from that database to an Amazon Web Services (AWS) cloud server controlled by TeleMessage. The archived messages on this server are subsequently forwarded to another destination controlled by the end user (e.g. Waltz). The important aspect of this is that, while Signal messages are encrypted during transit between chat participants, they are unencrypted on the participating devices (enabling users to read them). TeleMessage is copying plain text (i.e. unencrypted) versions of the messages to their own server and then to a server controlled by the end user. This provides TeleMessage — again an Israeli company founded by an Israeli spy — with access to unencrypted copies of all messages received by its version of Signal.
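The two points made above, that end-to-end encryption protects messages only in transit and that an archiving hook which copies the decrypted messages off the device hands plaintext to whoever runs the archive relay, can be shown in a few dozen lines. The following is an added illustration written for this post; it is not Signal's code, not TeleMessage's code, and not Signal's actual protocol. The `toy_encrypt`/`toy_decrypt` functions are a deliberately simple construction built from Python's standard library so the example runs offline; `Endpoint`, `ArchiveRelay`, the sample message, and the "sealed" archive variant are all constructed for this example. The sealed variant shows what a records-retention archive would have to do to avoid the problem described above: encrypt each record on the device under a key that only the records owner holds, so the relay operator stores something it cannot read.

```python
"""Why an archiving hook defeats end-to-end encryption (added example).

Not Signal's or TeleMessage's code. The toy cipher below stands in for the
real Signal protocol only to model one property: ciphertext on the wire,
plaintext on the endpoint.
"""
import hashlib
import hmac
import os
import sqlite3


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; constructed for this example only."""
    stream = b""
    counter = 0
    while len(stream) < length:
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return stream[:length]


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || body || tag. Illustrative only, not Signal's protocol."""
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then strip the keystream. Raises ValueError on tampering."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("tag mismatch")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


class Endpoint:
    """A participant's device. After decryption it holds plaintext of every
    message it received, as any end-to-end encrypted client must."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE messages (sender TEXT, body TEXT)")

    def receive(self, sender: str, ciphertext: bytes) -> str:
        body = toy_decrypt(self.session_key, ciphertext).decode()
        self.db.execute("INSERT INTO messages VALUES (?, ?)", (sender, body))
        return body

    def local_messages(self):
        return self.db.execute("SELECT sender, body FROM messages").fetchall()


class ArchiveRelay:
    """Stands in for the vendor-controlled cloud server the post describes:
    it stores whatever the client uploads and forwards it onward."""

    def __init__(self):
        self.received = []

    def upload(self, record: dict) -> dict:
        self.received.append(record)
        return record  # forwarded unchanged to the customer's archive


def archive_plaintext(endpoint: Endpoint, relay: ArchiveRelay) -> list:
    """Archiving as described in the post: decrypted rows leave the device."""
    return [relay.upload({"sender": s, "body": b}) for s, b in endpoint.local_messages()]


def archive_sealed(endpoint: Endpoint, relay: ArchiveRelay, archive_key: bytes) -> list:
    """Hardened variant (not the vendor's design): each row is encrypted on the
    device under a key only the records owner holds, so the relay sees ciphertext."""
    return [relay.upload({"sender": s, "body": toy_encrypt(archive_key, b.encode())})
            for s, b in endpoint.local_messages()]


def relay_can_read(relay: ArchiveRelay, needle: str) -> bool:
    """Defender's check: does the intermediary's store contain the plaintext?"""
    return any(isinstance(r["body"], str) and needle in r["body"] for r in relay.received)


def demo(message: str = "constructed sample message"):
    session_key = os.urandom(32)  # shared by the chat participants
    archive_key = os.urandom(32)  # held only by the records owner
    device = Endpoint(session_key)
    device.receive("constructed_sender", toy_encrypt(session_key, message.encode()))

    vendor = ArchiveRelay()
    archive_plaintext(device, vendor)
    exposed = relay_can_read(vendor, message)          # True: vendor reads it all

    owner_relay = ArchiveRelay()
    sealed = archive_sealed(device, owner_relay, archive_key)
    hidden = not relay_can_read(owner_relay, message)  # True: relay holds ciphertext
    recovered = toy_decrypt(archive_key, sealed[0]["body"]).decode()
    return exposed, hidden, recovered


if __name__ == "__main__":
    print(demo())
```

The plaintext archive is readable by the relay operator and by anyone who later breaches the relay's storage, which is exactly the exposure described in the next paragraph; the sealed archive still satisfies a retention requirement, because the records owner can decrypt it, without extending trust to the relay.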
That's obviously not good. What are the chances that a former Israeli spy had the ability to view classified communications between top U.S. government officials and didn't take advantage of that opportunity? Moreover, if the company did access the messages, what might they have done with them? In theory, TeleMessage could have provided the messages to anyone they wanted, the most likely prospect being the Israeli government. But things get worse. Last week, Lee revealed that a hacker had gained unauthorized access to TeleMessage's archived data. According to Lee, "The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone". None of the data belonged to Waltz or other top Trump officials. However, "Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material". So, not only were Waltz and other Trump administration figures using an unauthorized application to communicate classified information, they were using a version that potentially provided direct access to their communications to Israelis and was exposed to hackers.
Anyone who has worked in an environment involving sensitive information knows that there are plenty of tedious rules and regulations concerning how to handle such data. But, as "SignalGate" shows — repeatedly — there are reasons for such rules. Had Waltz used official U.S. government communications systems that were certified for classified communications, he would not have been able to accidentally add the editor of "The Atlantic" to a chat. Had Hegseth stuck to the same classified systems, he would not have potentially opened multiple security vulnerabilities by bypassing Pentagon security mechanisms. It is good that Waltz showed some concern about data retention, but he did so by making things even worse. Instead of using government-approved software that has been evaluated for security problems, he relied on an unproven clone that operated in an insecure manner and contained wide-open security vulnerabilities. For its part, TeleMessage has now "paused" its service.