The use of messaging application Signal by high-ranking officials in the Trump administration’s national security sector raises concerns regarding the platform and the method by which the administration conveys sensitive government data.
Cybersecurity professionals expressed their astonishment upon discovering that conversations included sensitive information, such as airstrike strategies, as reported on Monday by Atlantic Editor-in-Chief Jeffrey Goldberg.
The report was “quite astonishing,” stated JP Castellanos, head of threat intelligence at Binary Defense. He previously served in the Cybersecurity division of the US Central Command (CENTCOM).
Goldberg, a veteran foreign affairs journalist, released the report on Monday, claiming he had been invited to Signal’s group chat earlier in the month by national security adviser Mike Waltz.
As per Goldberg, senior security figures, including Defense Secretary Pete Hegses and Vice President Vance, discussed strategies for an attack in Yemen, allegedly coordinated with Iran just hours prior to the report’s release.
The National Security Council affirmed that the messaging chain is legitimate and stated that an investigation is underway regarding how Goldberg became part of the chat. The White House attempted to mitigate the situation on Tuesday, with spokesperson Caroline Levitt asserting that “war plans” were not a topic of discussion in the chat.
Levitt remarked that the White House advisory office “offers guidance on numerous platforms to ensure that President Trump’s senior officials communicate in the safest and most efficient manner possible.”
During his time at the Department of Defense, Castellanos noted that he conducted various tests on applications to confirm the agency was secure from foreign hacking attempts.
“It’s a very lengthy and meticulous process,” Castellanos elaborated.
It remains unclear whether Signal was among the approved applications or if officials used messaging services on official government devices.
CIA director John Ratcliffe confirmed on Tuesday that he was part of a group chat, revealing that a Signal application was installed on his work computer, “as is standard for many CIA employees.”
“One aspect I learned from an early-serving senator was about the acceptability of using Signal for work by individuals in CIA Records Management,” Ratcliffe shared during a previously scheduled Senate Intelligence Committee hearing. He appeared alongside Tarshi Gabbard, the director of national intelligence, and another report member in the chat.
While there are still doubts concerning the usage of Signal and whether the conversations were classified at that time, cybersecurity specialists and lawmakers quickly warned about the security risks associated with discussing highly sensitive information on non-government platforms.
“This exemplifies careless, incompetent conduct, as this is neither a singular incident nor a first-time mistake, especially regarding classified information,” stated the top Democrat on the Senate Intelligence Committee, Senator Warner, at the hearing’s opening on Tuesday.
Warner called for Waltz and Hegses to resign, and some Democrats urged Congressional Republicans to bring civil servants before Congress for testimony.
Signal offers end-to-end encryption, meaning no details about users’ private discussions are accessible to tech companies. The platform is commonly utilized by journalists, Capitol Hill personnel, and some businesses looking for extra security in their messaging.
Cybersecurity professionals have indicated that while it offers a degree of protection, the federal government is still far from what is required for high-risk information.
“[Signal] is safer than many other messaging systems,” remarked Mark Montgomery, a senior fellow and director at the Center for Cyber Innovation at the Democracy Foundation.
“However, device compliance is not upheld at the same high standard,” Montgomery added. “Thus, I view this as a clear operational security lapse.”
Several experts pointed out that officials likely opted for Signal due to its ease of use, whereas the user-friendly classified handheld devices are often more complex.
Former national security adviser John Bolton criticized the administrative team for using Signal and told CNN on Monday, “If you believe Signal is on par with secure US government communications, reconsider that notion.”
If an adversary gains access to the phone number or Signal number of a White House official, they could dispatch a harmful link to install malware, spyware, and listening software, potentially accessing sensitive data.
“Numerous adversaries are trying to discover opportunities to effectively spear-phish and compromise these users’ devices,” Castellanos noted.
Matthew Mittelstead, a cybersecurity and emerging technology expert at a libertarian think tank, expressed concern opposing the apprehensions, as it is not an official governmental channel.
“The realm of encryption is substantially broader than just the government,” Mittelstead informed Hill.
Mittelstead added that he is more concerned about the safety of actual “endpoint devices,” such as phones and laptops where these messages are transmitted.
“Signal may be highly secure, but the confidentiality of messages via Signal depends on the overall practices established by the individual. It’s as secure as your personal device, and the anxiety regarding your environment may ultimately leak information from your device in some fashion.”
Just days following the creation of the Signal chat, the Pentagon issued a warning note regarding the use of messaging applications, although it remains unclear if there is a connection, NPR reported.
The Hill contacted the Pentagon and requested a comment regarding Signal.
Some experts questioned whether officials violated any spying laws, but have stated that there is currently insufficient detail to ascertain the legal implications regarding the nature of the released material.
“Did the communication contain classified information?” a cybersecurity expert in the Washington area inquired. “If the response is ‘Yes’, one must ask, was the usage of Signal an inappropriate means of handling classified information?”
