Leaked: U.S. military war plans discussed in private Signal chat — how secure is this?
https://moonlock.com/us-war-plans-signal-group-chat
Posted by Individual-Gas5276
Leaked: U.S. military war plans discussed in private Signal chat — how secure is this?
https://moonlock.com/us-war-plans-signal-group-chat
Posted by Individual-Gas5276
4 comments
It’s laughably embarrassing
Signal is secure
But the government needs a proper platform for chat
Records of the chat should be kept
Who is in the chat should be vetted
If there is a clearance requirement, the chat should enforce it
Surprises me the government doesn’t already have such a system
The fact that they are trying to normalize this should be shocking, but of course isn’t.
People who worked in roles with the NSC in the past have talked about how insane this is. Ben Rhodes, who worked in the Obama administration was talking about how your reaction to being pulled into these PC meetings should always be to get to a secure location. He mentioned how he was on a trip in Oregon with his family when he got told that he was needed for a PC meeting and had to drive an hour and a half away to get to the nearest FBI field office where he could get on a secure line for the conversation.
It’s worth pointing out that one of the members participating in the PC was traveling *in Russia at the time*. As far as anyone’s aware, Signal itself is secure and hasn’t been compromised…but that’s only what we publicly know. Government hacking groups hoard any zero day exploits they can get their hands on and it’s entirely possible for a nation state to have compromised the app without anyone being aware of it. US diplomats traveling to countries like Russia and China in the past, under Obama at least, were required to leave their personal devices secured away on Air Force One. They even did it when traveling to the allied country of France just to be safe. Someone from the administration at this level seemingly openly texting from their personal device in a conversation chain with classified information while meeting concerning officials in Moscow should also be a massive deal.
But then there’s also the point that this should be concerning in a general sense. Not only were the officials incredibly ignorant of basic security (like verifying everyone involved, since the entire one of a PC is to keep the group small and focused), but if they are discussing a strike like this on the app with the records set to delete instead of using the proper secure channels that are also configured for archiving (I want to stress again, this strike was discussed by someone traveling with an unsecured device in a country allied with Iran, the country supporting the Houthis) it also seems safe to assume they are talking about many other sensitive topics the same way. We don’t know what these people are potentially exposing to the world because they apparently can’t be bothered to do the bare minimum required to properly converse over secure channels.
The risk is personal accounts being compromised. Signal does not offer an enterprise solution. So it’s all personal accounts that will lack best practices like MFA. It is likely bad actors have their logins and are listening in on all their conversations.
Comments are closed.