The title really lacks context. The “person in Russia in the group chat” is Witkoff, the US official in charge of the situation in Ukraine and the Middle East
That is definitely the context needed. Not sure though if he needed to know the exact details of the battle plans whilst in Russia. Still feels like a slight lack of control of sensitive information. Albeit it’s not as bad as forgetting you had a journalist in the same chat.
Possibly, but by private company owned chat? Also while in a foreign country known to be hostile to the US. If you apply this logic it smacks of lack of thought towards control of sensitive information which is pretty much the incompetence this administration has shown since well a long time.
Not sure though if he needed to know the exact details of the battle plans whilst in Russia.
Through an unsecure platform, no less.
There really is no excuse for any of this. And they are denying that a chat existed, or that any classified information was posted, or that there were even plans to attack anyone… imbeciles. Every single one.
Unsecure, meaning not an authorized channel for this type of classified discussion to have even be taken place.
Signal is still “secure” in the sense that it uses encryption, etc.
But as with personal emails, which may also use encryption, is it NOT a secure way (i.e. not the proper method of communication) for sharing highly classified war plans.
Republicans railed on Hillary for the whole server fiasco, but this is magnitudes more damaging to the competency of the administration, and for national security.
Or said differently: signal will probably resist attempts to hack the chat, but it won’t resist the “beat him with a wrench til he unlocks his phone” strategy. That’s why secure comms for governments are usually done in a secure room in an embassy, on hardwired devices.
It’s a complete lack of control of sensitive information. Signal should never be used for this. No phone app can make the security guarantees necessary for this level of detail.
Also, they’re using Signal to dodge FOIA requests, as well as subpoenas, which was recommended by the project 2025 leader Vought last year to hide their illegal activity
To be clear, the Signal protocol has not been cracked. Russia has been using phishing attacks to get victims to link their signal account to a device Russia controls.
Please don’t spread FUD. That memo does NOT claim Signal has been compromised by Russia.
The actual claim is that Russia has used deceptive e-mail style tactics to trick people into authorizing a malicious “linked devices” request. This is a social engineering vulnerability, not a technical one.
No doubt on a personal device, surrounded by hostile cell towers and WiFi hotspots and being bombarded with who knows what kind of state-level malware.
It’s not like they need to break signal; if they can clandestinely screencap, keysniff etc then this chat was completely pwned regardless of how secure it was between TCP endpoints
This is not even a conversation that should be happening on a government issued smartphone in a hostile foreign country.
The title really lacks context. The “person in Russia in the group chat” is Witkoff, the US official in charge of the situation in Ukraine and the Middle East
That is definitely the context needed. Not sure though if he needed to know the exact details of the battle plans whilst in Russia. Still feels like a slight lack of control of sensitive information. Albeit it’s not as bad as forgetting you had a journalist in the same chat.
Well I mean, if anyone needs to know, it’s him, right?
Possibly, but by private company owned chat? Also while in a foreign country known to be hostile to the US. If you apply this logic it smacks of lack of thought towards control of sensitive information which is pretty much the incompetence this administration has shown since well a long time.
Through an unsecure platform, no less.
There really is no excuse for any of this. And they are denying that a chat existed, or that any classified information was posted, or that there were even plans to attack anyone… imbeciles. Every single one.
How is Signal unsecure?
Unsecure, meaning not an authorized channel for this type of classified discussion to have even be taken place.
Signal is still “secure” in the sense that it uses encryption, etc.
But as with personal emails, which may also use encryption, is it NOT a secure way (i.e. not the proper method of communication) for sharing highly classified war plans.
Republicans railed on Hillary for the whole server fiasco, but this is magnitudes more damaging to the competency of the administration, and for national security.
Unsecure ≠ Insecure
Unsecure in this context generally means not in compliance with military and classified security practices and procedures for “securing” information.
Signal is secure in the sense of being strong end-to-end cryptography.
Or said differently: signal will probably resist attempts to hack the chat, but it won’t resist the “beat him with a wrench til he unlocks his phone” strategy. That’s why secure comms for governments are usually done in a secure room in an embassy, on hardwired devices.
It’s a complete lack of control of sensitive information. Signal should never be used for this. No phone app can make the security guarantees necessary for this level of detail.
No, it’s much worse than that. The Pentagon announced not long ago that Signal has been compromised by Russia.
Hate to link reddit here, but this comment does a good job of explaining how damaging this really is:
https://redlib.freedit.eu/r/politics/comments/1jjn8qk/atlantic_editor_suggests_hes_open_to_sharing/mjoedt4/#mjoedt4
Also, they’re using Signal to dodge FOIA requests, as well as subpoenas, which was recommended by the project 2025 leader Vought last year to hide their illegal activity
To be clear, the Signal protocol has not been cracked. Russia has been using phishing attacks to get victims to link their signal account to a device Russia controls.
Please don’t spread FUD. That memo does NOT claim Signal has been compromised by Russia.
The actual claim is that Russia has used deceptive e-mail style tactics to trick people into authorizing a malicious “linked devices” request. This is a social engineering vulnerability, not a technical one.
No doubt on a personal device, surrounded by hostile cell towers and WiFi hotspots and being bombarded with who knows what kind of state-level malware.
It’s not like they need to break signal; if they can clandestinely screencap, keysniff etc then this chat was completely pwned regardless of how secure it was between TCP endpoints
This is not even a conversation that should be happening on a government issued smartphone in a hostile foreign country.