BestNetTech is off for the holidays! We'll be back soon, and until then don't forget to 
National Insecurity: The Trump Administration’s NATSEC Boys Just Can’t Stop Fucking Up
from the fafo-as-a-service dept
If you feel this nation is beset on all sides by the inequities of the selfish and the tyrannies of evil men, you probably should be scared shitless that the clowns are running the circus. Of course, those backing Trump aren’t truly concerned about any of this, not even those running his agencies and/or repeating the lie that the mere existence of foreign people on our soil is an act of war.
Area drunk/The War Room Is Now The Green Room Defense Department head Pete Hegseth is probably the tip of the iceberg, but his DM indiscretions are not solely his own. When a journalist got added to a war plans Signal chatroom, there was cause to be concerned, especially once one was done laughing. When Hegseth was so desperate for personal interaction, he decided to share war plans with his wife and members of his family, there was even more reason to be concerned, especially when the Trump Administration decided to stand by its man, even when that man routinely appeared to be incapable of standing on his own.
America is feeling less like a nation and more like a frat house whose occupants are so self-deluded they think they’re capable of handling anything more than tapping a fresh keg. Perhaps that’s why we’re being subjected to nationwide hazing, which appears to take the form of being shipped off to a foreign maximum security prison for the rest of whatever.
The fun never stops. Top level NATSEC folks are being stupid and not very secure on main, exposing a bunch of stuff to journalists these department heads are fully aware are present. Here’s some more stupidity from a Trump official, which 404Media’s Joseph Cox has the kindness to say was an accidental revelation:
Mike Waltz, who was until Thursday U.S. National Security Advisor, has inadvertently revealed he is using an obscure and unofficial version of Signal that is designed to archive messages, raising questions about what classification of information officials are discussing on the app and how that data is being secured, 404 Media has found.
On Thursday Reuters published a photograph of Waltz checking his mobile phone during a cabinet meeting held by Donald Trump. The screen appears to show messages from various top level government officials, including JD Vance, Tulsi Gabbard, and Marco Rubio.
“Inadvertently” might be true, but “stupidly” is far more accurate. I mean, we all had a good laugh when Kanye West scored an audience with Trump during his last presidential term and revealed his device security habits were just as solid as his personal judgment skills.
For what it’s worth, Waltz is no longer the nation’s national security advisor. Instead, he being turfed to UN Ambassador duty, which pretty much just means running interference for whatever new war-like expansionist plan Trump happens to announce during upcoming press conferences and media appearances.
Don’t breathe a sigh of relief just yet, though. It appears the remarkably under-qualified Marco Rubio will not only be failing to competently run the State Department, but he’ll also be required to collect and collate national security briefings the president will never read.
Say what you will about Signal, but this isn’t a Signal problem. It’s a Hegseth-Trump-Waltz-etc. problem. Signal is secure. But that security means nothing when deployed by extremely stupid people. Former NSC advisor Waltz is stupider than most, not only for logging in while in camera range of journalists, but for using a third-party app that deliberately undermines the privacy protections offered to users by Signal.
The Reuters photo shows Waltz’s phone asking him to input his “TM SGNL” pin. This is not part of Signal’s software. It’s a third-party app that offers functions Signal decidedly does not.
TM SGNL appears to refer to a piece of software from a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them. A page on TeleMessage’s website tells users how to install “TM SGNL.” On that page, it describes how the tool can “capture” Signal messages on iOS, Android, and desktop.
Even if others in war plans chatrooms might have taken the precaution of utilizing the auto-delete function, TeleMessage allows users to undercut that privacy/security function. On top of that, it makes it clear top officials using products like these do have the capability of preserving official government communications even while using Signal, which means they shouldn’t be allowed to claim otherwise when responding to lawsuits, public records requests, or public records request lawsuits.
But, of course, using TeleMessage presents its own security issues. It’s certainly not an officially supported offering by Signal, which makes it a target for hackers, and hackers have descended. On Monday it was reported that the app has been hacked:
A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.
The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.
So even if you believe that using Signal was safe because of its end-to-end encryption, the fact that they were using TeleMessage basically meant that they put a man-in-the-middle attack into their own Signal chats, making it that much more insecure. So insecure that it was hacked.
In other words, the one single redeeming quality of them using Signal (“well, at least it uses end-to-end encryption”) was done away with via their own actions.
And then, after the hack was revealed, TeleMessage announced that it was… shutting down the service at least for the time being.
TeleMessage, the app that President Donald Trump’s former national security adviser, Mike Waltz, appeared to use to archive his group chats, has suspended all services after hackers claimed to have stolen files from it.
A spokesperson for Smarsh, the company that owns TeleMessage, said Monday that the company “is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation.”
“Out of an abundance of caution, all TeleMessage services have been temporarily suspended,” the spokesperson said.
Normally, if the government is using a system for important classified information sharing it would be thoroughly tested and carefully vetted. Here, it appears that none of that was done. Beyond the texting of war plans to a journalist, outside the texting of war plans to family members, here we have these officials using a sketchy third party app that obliterates the value of end-to-end encryption by mirroring the conversations to an insecure third party Israeli company, who was quickly hacked.
And, it appears, the hackers were able to obtain fairly real time messages:
One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side – 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”
This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.
This is base-level dumb. We expect better from our government officials, even if they’ve decided to be just another yes man trapped in Trump’s orbit. This casual stupidity isn’t limited to the moments captured by visiting journalists. It infects everything in the nation at this point because if there’s anything the Trump Administration values more than cruelty, it’s blind loyalty. And no one anywhere has ever considered those traits to be indicative of intelligence. But, for now, those are the traits that get you closest to the power, so that’s what we’re stuck with.
Filed Under: defense department, jeffrey goldberg, mike waltz, national security, national security advisor, pete hegseth
Companies: signal, telemessage
Comments on “National Insecurity: The Trump Administration’s NATSEC Boys Just Can’t Stop Fucking Up”
Yes, but we didn’t vote for idiots, buffoons, and felons. And we are outnumbered.
Base-level?
Sorry, I disagree.
Base-level dumb was using Signal for government communications. And it is probably a plausible (I am not going to use the “safe” word in this context) guess that we are not dealing with government-issued and government-administered communication devices either.
But there has been a whole lot of digging since then, and we are a whole lot lower than base-level dumb. We probably have struck water by now. Most likely tears.
Between this, DOGE completely screwing up every IT system it can get its grossly incompetent paws on, the boxes full of classified documents stored in a Mar-a-lago bathroom, and all the other shit they’ve done, the damage this regime has done to national security will take decades to repair and the full extent of it may never be fully known.
Re:
And we are only 4 months into theses 4 years where obviously none of them have never took a lesson of any of their past incompetence (not even counting about the present ones).
This comment has been flagged by the community. Click here to show it.
Nightmare Blunt Rotation
Re:
Hey bro. Does the restraining order bar you from just petting zoos? Or is it anywhere there are farmyard animals?
Re: Re:
Hi Stephen. I missed you too.
Re: Re: Re:
Bro, I’m not him and you spell like goat anus.
Clean yourself up.
Re:
Low effort. No points.
Re:
I guess we found the bar at which you’ll stop crowing about voting for these dumbasses.
This comment has been flagged by the community. Click here to show it.
Re: Re:
I live in Australia. I did not vote for the American president. I am sorry that the Democratic party ran a bad candidate but they can try again in four years.
Re: Re: Re:
Did you get done in for fucking a roo, as well as copulating with goats?
Re: Re: Re:
I suppose spelling “Republican” like that is the only way you can express sorrow over the event in a way that sounds like glee.
I mean… given that the director of national intelligence is questionably a bought and paid for Russian plant, I think it’s fairly safe to assume by this point that the entire Federal government is a playground for foreign spies at this point. Beijing and Moscow probably have more competent people within positions of trust inside the US government than the United States does, and the sad part is they probably have a stronger vested interest in the continued success and continued existence of the United States than the people ostensibly running the show.
Fractally corrupt and incompetent
So they used a third-party app to communicate highly sensitive information in order to dodge legally-mandated record keeping requirements, and then on top of that used another app to record records that would otherwise have been automatically deleted by the original app.
If the situation wasn’t so dire and the communications in question so critical that would almost be comically impressive levels of stupidity and corruption.
It’s a feature, not a bug. Trump needs someone to blame. Without that, he would need to accept responsibility. That is not something he will ever do.
I haven’t seen it suggested much, but surely it must be possible that Waltz et. al only added this 3rd party app to thier signal chats after the original “Signalgate/leaking of war plans” debacle?
if so then it would mean that they after got their wrists slapped for using signal with auto-deleting messages, one of them had the bright idea to use this extra app and they all went “yeah, good idea! problem solved, it’s secure now!” and fist-bumped and tapped a new keg to celebrate, all the while thier chats are even LESS secure then they were originally!
Re:
👊🇺🇸🔥
Who dunnit
I’m sure Trump will just blame Biden.
Perhaps we should call that organization NatInsec now, since there doesn’t seem to be any security breach they won’t commit.