According to the White House, Steve Witkov, a special US envoy, did not use signals on his personal phone while in Russia. This has led to increased fears due to repeated Hacking of Moscow of encrypted apps, which is the focus of recent leaks.
As US officials were discussing a classified strike against the Houthi rebels in a signal group chat shared with journalists, Witkov, who was in the chat, traveled to Moscow to meet Russian President Vladimir Putin.
Following reports on the timing and potential security violations, Witkov said he was unable to access the phone while in Russia and only joined the “Houthi PC Small Group” after leaving Moscow.
“When you travel to an area where you don't want to compromise your device, I had a safe phone that the government would provide for special circumstances.” He wrote on x.
“I couldn't access my personal devices until I got back from my trip,” he added. “That's the responsible way I do these trips and that's how I do myself all the time.”
White House spokesman Karoline Leavitt supported Witkov's claims, saying that the phone provided by the US government was “the only phone he had while in Moscow.”
Russia is known to be a target signal, an open source, encrypted messaging app flagged by the National Security Agency (NSA) for its potential vulnerability.
The NSA warned the Department of Defense last month about the risk of using signals. In particular, it cites the epidemic of Russian hacking groups that actively attack the app. CBS reported.
“The use of signals by common targets of surveillance and espionage has made applications a high value target for intercepting sensitive information,” the NSA document read.
The Pentagon previously issued a department-wide memo in 2023, warning against using signals for private official information.
“Note: Third-party messaging apps (such as signals) are permitted by the policy for uncategorized accountability/recall exercises, but are not authorized to process or store private, uncategorized information,” the memo reads.
The NSA warning came when Google's cybersecurity division discovered that a state-related hacking group in Russia had sneaked into signal accounts of Ukrainian military staff to obtain sensitive information.
Russian groups were able to use phones acquired on the battlefield to allow access to staff members' accounts. This account is used to send modified “group invitations” links, violating more accounts. According to the report.
Signal claims that the app is safe from hacking and that there are previous violations made through phishing and device linking methods.
National Intelligence Director Tarsi Gabbard and CIA director John Ratcliffe testified Tuesday that no classification material was shared in the signal chat shared with Atlantic Editor-in-Chief Jeffrey Goldberg.
Goldberg later shared a screenshot showing details on the timing and methods of the Yemen airstrike.
National Security Advisor Mike Waltz has since accepted “all responsibility” for the incident, but he has not yet explained how Goldberg ended up in a group chat with top US officials.
