That time I got FBI Director Kash Patel's cell number from the president
Jeffrey Goldberg’s unintentional invitation to a group chat of top security officials who discussed a military strike got me thinking about operational security. And then I remembered a moment from November. It was not the same situation, but it still raised concerns with former national security officials who I spoke with for this story.
I should start by saying that journalists do a lot of research on a lot of different levels. We don’t have job security, but we do have the magic power of sleuthing.
After President Donald Trump got re-elected last November, I was hearing that Kash Patel would likely play a major role in his administration. He had been already been Chief of Staff to Trump’s acting Secretary of Defense, Chris Miller. So I did what any journalist would do when a new administration would be settling into Washington, D.C. I went searching for Patel’s contact information.
I found it in a letter which was signed by Trump and on the National Archives website. Dated June 19, 2022, it introduced the acting archivist to Patel as a representative to access Trump’s records while in office, in keeping with the Presidential Records Act. FBI agents had just visited Mar-a-Lago to collect classified documents, after the National Archives’ numerous requests and a grand jury subpoena. In August, there would be an FBI raid. About a year later, there would be an indictment and now infamous photos of files stored in a Mar-a-Lago’s ballroom, bathroom, and spilling out on a floor.
The letter had Patel’s personal cell phone number and email address on it. None of the information was redacted. (I chose to do that, below, out of courtesy to Patel.) His phone number was missing one digit, which appeared to be a typo. But I guessed the missing digit was the last one, which meant I only had 10 options. My hypothesis was confirmed. I also wrote to the email address in the letter and a few hours later, heard back from Patel’s press person.
Fast forward to today. Patel is leading the FBI and “Signalgate” is the talk of the town. As conversations unfold around security and vulnerability, Trump’s letter is still online, meaning that anyone could potentially contact or target the FBI director.
The number was still in service when I tried it on Saturday night, though Patel didn’t pick up. An automated female voice came on inviting me to leave a message. Was I overreacting in my solitary research as a journalist? Apparently not.
“The head of an agency like the FBI would be a huge target for any foreign SIGINT agency,” a former senior intelligence official told me on the condition of anonymity. “If Kash is talking on his personal phone about pizza deliveries, that’s fine. But if he’s doing business on that phone, that’s a risk.”
I asked the former official about other risks, especially if a personal cell phone doesn’t have the same level of security as a government-issued device. The person described a process by which foreign intelligence services can pick up the contents and metadata of a cell phone call or email. “The global telecommunication system is such that [if] I'm sending from Washington to Dallas, for example, that potentially it routes to Germany. The telecommunications company will reroute from the most cost-effective option.”
That matters because now a foreign intel service can build out a network of associates who interacted with that person — a basic intelligence-gathering technique called contact chaining. And none of it actually requires hacking. “It all depends on the mode and route of transmission and the capabilities of the foreign adversary.”
As far as foes go, Russia and China are unsurprisingly the best at it. “I’d hesitate to put one ahead of the other, each are better in different ways,” the former official said.
Put it all together and a foreign intel service can analyze how long and how often a target is contacting other people and who those people are. That gives them indirect access to the individual for recruiting.
Of course, there are also the usual hacking and monitoring threats. Sending out an email or text with a malicious link or attachment, potentially paired with a message mimicking a familiar person or place. “We see everybody doing this, not just Russia and China — criminal groups and state actors,” says Peter Warmka, a former CIA officer who founded an Orlando-based firm called the Counterintelligence Institute.
Did no one in the government think to do a search on Patel before he started at the FBI, for his privacy and national security? It is notable when this administration has taken down so much on government websites. References to the Enola Gay, a World War II plane which dropped an atomic bomb on Japan, were inadvertently removed in the DEI purge. But maybe, to quote Thomas Friedman, that’s just “Trump’s right-wing wokeism.”
Still, the National Archives has a series of categories under which they will remove or destroy records. That includes national security matters and “when an agency identifies Federal records that pose a continuing menace to human health, life, or property,” NARA states.
Is it unethical to take down a letter that was part of what launched a criminal investigation into Trump’s handling of classified documents, or is it unethical to leave it as a potential vulnerability of Trump’s FBI director?
I don’t know who uploaded Trump’s letter to the National Archives site. But as Jason Leopold, an investigative reporter and master FOIA-er, has stated, “NARA is one of the most vulnerable government agencies in terms of being targeted by Trump for retaliation… No agency is considered safe, but there is perhaps none with a bigger target on its back than NARA. The once sleepy agency staffed with librarians and archivists became Trump’s nemesis after it sparked the sprawling criminal investigation related to top secret documents Trump stored at Mar-a-Lago.”
In February, Trump fired the head archivist, and others have since been terminated or taken buyouts.
Meanwhile, at the FBI, I asked the press team to comment on Patel’s personal contact information still being easily findable on a government site, and whether that presents a security issue. A spokesperson did not ask which website it was on, and simply told me the bureau does not have any comment.
A lot lives in the open source world. Maybe U.S. officials from the Biden or Obama administration also have personal contact information in public places. But what else is out there, just sitting around for the taking? Who wants to bet that some adversary will use AI to find it faster than I did?