The stunning news that a journalist was accidentally included on a Signal chat where Trump defense and intelligence officials including Vice President JD Vance and Defense Secretary Pete Hegseth discussed U.S. military strikes in Yemen has shocked the cybersecurity community, including staff in Trump’s own administration.
The leak was “absolutely ridiculous on so many levels,” said one official at the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security’s digital safety arm.
“They are discussing classified material on an unsanctioned platform, which should result in someone being in jail,” the CISA official told Forbes. Such discussions should only happen on a government phone in a Sensitive Compartmentalized Information Facility (SCIF), which are designed to be secure from outside interference, under a 2009 executive order. Mishandling classified information is a potential breach of the Espionage Act. “Individuals in this administration think they are playing James Bond, but they have the skills of a Dr. Evil.”
Another CISA staffer told Forbes that Signal is not an officially sanctioned app for coordinating government operations, though CISA has recommended it for at-risk officials for private communications. “Signal is great, it’s how it’s used is where the problem lies,” they said. If Hegseth and crew were using Signal on their personal devices, which are unlikely to have the same level of security as government-monitored phones, it’s more likely hackers could have broken in and are able to spy on their chats. “Discussing classified intelligence over personal devices is terrible,” the staffer said.
Worse, Atlantic editor-in-chief Jeffrey Goldberg reported in a widely discussed story about how he’d been added to the sensitive chat that messages in the chat were set to auto-delete after four weeks. That ostensibly violates government retention laws, which require that official records be maintained for either freedom of information requests or for future hearings or inquiries; how long depends on the kind of information. If it’s deemed of “permanent value,” the information should be maintained indefinitely. On Monday, 14 senators including Elizabeth Warren, Tim Kaine and Cory Booker wrote to President Trump to note that the fact that messages were set to disappear on the Signal chat was a violation of the Presidential Records Act, “a further egregious breach of public trust.”
One of the CISA staffers told Forbes that using Signal to avoid government retention laws would have been reason enough to remove those implicated from office entirely in previous administrations. Tod Beardsley, a CISA staffer until he departed in January, added that this appeared to be “a pretty serious security breach.”
And that’s all before you consider the fact that a journalist was somehow added to this Signal chat without anyone knowing who he was, or why he was there. “If anyone I knew with clearance discussed active top secret intelligence in a Signal chat with uncleared individuals, everyone involved would likely, and quickly, lose their clearances and jobs,” Beardsley added. Trump officials in the chat, like Hegseth, had previously called for Hillary Clinton to go to jail after her emails were leaked from a private server.
According to Goldberg’s account, he was invited to the chat by an account that looks to belong to national security advisor Michael Waltz. Other officials who appeared to have been on the Signal channel alongside Vance and Hegseth were secretary of state Marco Rubio, Trump advisor Stephen Miller, special envoy to the Middle East Steve Witkoff, White House chief of staff Susie Wiles and director of national intelligence Tulsi Gabbard.
In the leaked chat, Hegseth talked up his own personal security skills, instructing the group to prevent a leak of information about any possible pause on strikes against Houthis. “I will do all we can to enforce 100% OPSEC [operational security].” But Goldberg was already in the chat.
Both the White House and Hegseth have maintained that there was no leak of classified information. “Nobody was texting war plans,” Hegseth said on Tuesday. Trump has so far publicly defended Waltz, saying he’d learned his lesson, while the White House said he had confidence in his national security team. The Wall Street Journal reported, however, that the president was privately frustrated and angry with Waltz. Waltz has not yet commented.
Hegseth has previously suggested that Hilary Clinton should be prosecuted for her use of a private email server during her tenure as secretary of state. In 2016, he said on Fox Business, “Any security professional — military, government or otherwise — would be fired on the spot for this type of conduct and criminally prosecuted for being so reckless with this kind of information.”
Despite not being a sanctioned app for government comms, Signal is widely used across different departments, including by intelligence agencies. In a Senate Intelligence Committee hearing on Tuesday about the leak, CIA director John Ratcliffe said that he and most of his staff use the app to coordinate more sensitive conversations. “My communications, to be clear, in a Signal message group were entirely permissible and lawful and did not include classified information,” he said during the hearing.
Unlike other messaging apps, Signal offers full encryption, meaning that communications over the app are only accessible to the sender and the receiver (Signal itself does not retain message content or much metadata that could be used to identify a user). But the app is vulnerable if a target’s phone has been hacked. A wily hacker could also try to trick targets into including them on sensitive Signal chats, or convince them to join the hackers’ own channels. As Google researchers recently detailed, Russian hackers have been trying to do the latter in Ukraine. Signal did not respond to a comment request on the Atlantic leak.
There’s also the possibility of someone physically snooping on a Signal chat, added Beardsley. “It’s not hard to peek on a Signal chatter’s screen, and we don’t know who else was in eyeball range when these messages were written,” he said. “This is why people discussing classified info are only supposed to do it inside the walls of a SCIF.”
