An accidental spy on Signal, after Russia breached the encrypted app
The irony of accidentally inviting a reporter into private discussions on U.S. military plans? The country’s top national security officials turned Jeffrey Goldberg, the editor-in-chief of The Atlantic, into a sort of spy. But instead of turning to a foreign government, Goldberg exposed their conversation in an article. And he chose not to share the full name of an active CIA officer, human targeting details, and other sensitive information on the U.S. military plans to strike the Iranian-backed Houthis in Yemen.
Why didn’t anyone in the small chat group — including National Security Adviser Mike Waltz, CIA Director John Ratcliffe, and Director of National Intelligence Tulsi Gabbard — notice that there was one participant who had not uttered a single word?
One time a few years ago, the FBI accidentally included me in an email. It was their planning for a press event — and they caught it and asked me not to report on it. It happens. The story ended there.
But on Tuesday, intelligence leaders were supposed to be discussing the newly released Annual Threat Assessment and got sidelined by questions linked to Monday’s article by Goldberg. Ratcliffe testified to lawmakers that the White House and Department of Homeland Security had approved his use of Signal, the encrypted app where the conversation took place.
But just last month, Google’s cybersecurity firm Mandiant sent me a then-embargoed report which made clear that the app has security risks. It revealed how hackers were exploiting Signal to benefit Russia’s intelligence services. It goes back to as early as 2022.
Mandiant said that state-aligned actors were abusing Signal’s “linked devices” feature, which allows users to synch their Signal communications across multiple devices. Bad actors were using malicious QR codes to gain access to users’ accounts. They had crafted more tailored operations by combining QR codes with phishing pages made to look like specialized apps. Lastly, they were taking legitimate “group invite” pages — what Waltz apparently used to bring in Goldberg — and then redirecting victims to a malicious URL that connected them to hackers. Mandiant called this suspected Russian espionage cluster “UNC5792.”
The targets appeared to be military personnel in Ukraine. But Dan Black, the analyst who wrote the report, warned of wider implications. “We anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war,” he wrote.
If Waltz, a widely respected former Green Beret, could accidentally add Goldberg to a group text, and discussions normally reserved to secure settings take place on Signal, could these more clever attempts at intrusion prove especially dangerous?
In the fallout, the National Security Council essentially confirmed Goldberg’s reported texts, aka, the chat “appears to be an authentic message chain.” But President Donald Trump, Ratcliffe, and Gabbard insisted that nothing in the conversation was classified.
“If that is the case, please release the whole text stream,” the independent Senator Angus King of Maine told Gabbard in the hearing.
Another troubling detail: Gabbard admitted to the Senate Intelligence Committee that she had been traveling abroad as the texts were coming in. And Special Envoy Steve Witkoff was in Moscow, reportedly waiting eight hour before he sat down with Russian President Vladimir Putin in an attempt to negotiate a ceasefire in Ukraine.
It’s unclear whether the FBI will investigate the Signal group chat as a potential breach of security procedures. Goldberg noted that the officials set their messages to disappear, when all official communication is supposed to be archived under federal record-keeping laws.
I wonder what message Russia, China, North Korea, and Iran are getting from this incident. If only Russian Foreign Minister Sergei Lavrov accidentally included journalist Christo Grozev in a text thread. Meanwhile, Trump has called Waltz a “good man” and Goldberg a “sleaze bag.”
Trump has his adjectives backwards, as usual.
Good lord.