U.S. national-security leaders included me in a group chat

8 months ago (theatlantic.com)

I'm an external individual to the US, but I must admit that some of the sentiments being expressed here in this thread and elsewhere about the lack of accountability deeply concern me; it reminds me of many things I saw growing up and still see today in South Asia.

Independent of anything else, I do see the Overton window shifting in the US, the most subtle of which are norms and expectations around acts of corruption.

Every nation has its minor acts of corruption, small favours between friends, which I've always thought of as being functionally impossible to remove as they also allow for a flexible environment which allows things to get done.

However the norms seem to be shifting more towards the idea that those in power can act as they will, and in fact the expected thing is they will act to enrich themselves. I hope this does not happen, because this is death to entrepreneurship, this is one of those things that will poison the economy, when people no longer trust that what they make can be theirs, that others can look on in envy at the work they have built on their blood and sweat and can take it as their due because they have power.

That will create a chilling effect for anyone who wishes to create and will make them wonder as myself and many others have considered, whether it's better to create their life's work elsewhere.

I sincerely hope this doesn't happen here; once this mindset becomes a norm, it's an incredibly hard thing to stamp out.

  • It's so much worse than that already. If corruption was the only problem we face in the US then there might be some real hope to reverse course.

    • The corruption is caused by their shortsightedness, a total lack of critical analysis capacity to see past the surface assessment of pretty much everything. The problem in the United States is that adults are no longer adults, we manufacture immature people with simplistic world views that seriously know no better, and they have the entire Republican Party hostage, a material percentage of the Democratic Party, and in general the USA is awash in a state of noncommunication because such people cannot see past their immediate assessments to find any common ground. Sure, we have real adults, but not enough to make a critical difference in the quality of our public discourse, to reverse this nose dive.

    • The full text now:

      "The statements by Hegseth, Gabbard, Ratcliffe, and Trump—combined with the assertions made by numerous administration officials that we are lying about the content of the Signal texts—have led us to believe that people should see the texts in order to reach their own conclusions. There is a clear public interest in disclosing the sort of information that Trump advisers included in nonsecure communications channels, especially because senior administration figures are attempting to downplay the significance of the messages that were shared..."

      https://www.theatlantic.com/politics/archive/2025/03/signal-...

      "Here are the Attack Plans That Trump's Advisers Shared on Signal" - https://news.ycombinator.com/item?id=43481521

  • I'd recommend for Entrepreneurs, just like Scientists now do, to consider Europe as a safe-haven. In the EU the rule of law still matters.

    • The grass isn't always greener. I think the core underlying issue in all of this is social divides within countries. When groups of people become sufficiently antagonistic towards one another, it really enables widespread corruption because people will actively blind themselves (or handwave away) to the wrongs of "their side" and magnify the wrongs of "the other side" with no limits to the hyperbole.

      And Europe is most certainly not an exception to this, especially in current times. For instance 65% of EU citizens do not believe that high level corruption is sufficiently pursued. [1] And basically every EU country (outside of Scandiland) has a majority to vast majority who believe that corruption is widespread in their country.

      [1] - https://europa.eu/eurobarometer/surveys/detail/3217

    • Sure, that's why von der Leyen ran the huge Pfizer deals then conveniently "lost" the SMS about them, hired her pals as defense consultants hiding €100+ million of the costs and the decisions which favored the companies supporting her (e.g. lucrative contracts were awarded to the global consulting giant McKinsey & Company, where von der Leyen's son works as an associate), and several other cases.

      And she is just the tip of the iceberg of EU corruption. In general such politicians only get repercussions selectively, and usually only when the political direction changes and they're no longer useful to the establishment.

      https://en.wikipedia.org/wiki/Pfizergate

      https://www.politico.eu/article/5-things-to-know-about-ursul...

    • I love how this subthread devolved into arguing about Europe's attached bottlecap regulations and that the GDPR has resulted in lots of very annoying cookie banners.

      So in the US you have a corrupt, authoritarian takeover of a society – and in Europe you have well-meaning, but somewhat annoying, regulations that still need some work to function perfectly.

    • Not sure how you could possibly come up with this idea — but I’d recommend not consuming hysterical media narratives and instead looking at actual data. This is a chart of globally relevant companies founded in Europe in the last 50 years:

      https://www.reddit.com/r/neoliberal/s/1Fn23uYVxK

      The data depicts the exact opposite of what you are saying. As an entrepreneur, you can be “safe” knowing you will have far less chance to succeed in the EU.

    • Europe suffers from another kind of "corruption", more akin to a corrupted file system: absurd, rigid and unpredictable regulation makes life very hard for businesses, which drives large private capital away.

      I am European, and every time I open one of those stupid locked-on bottle caps, I feel pain for my country, for Europe (and for my face).

  • Yes, unfortunately we’re already at that point. Republicans and their base close ranks so effectively that it’s essentially a safe haven for all sorts of corruption and serious crime. The voters won’t punish them at the ballot and they’ve essentially captured all sources of checks and balances.

  • I'm already feeling like entrepreneurship is out the window.

    It's a combination of AI being owned by these mega corporations and corruption at the highest level that I'm losing sight of what is the purpose of building my startup business in an authoritarian landscape.

    Trump illegally promoting Elon's corporation with a yard sale, kissing his feet for donating millions to his campaign thanks to Citizens United, allowing him to ransack the federal government as an unelected official, to making vandalism a domestic terrorist act for people fed up with him, and now putting Elon in charge of investigating Signalgate.

    People need to stand up now before they cannot.

  • >when people no longer trust that what they make can be theirs, that others can look on in envy at the work they have built on their blood and sweat and can take it as their due because they have power.

    We just need liberals to embrace the 2nd with as much fervor as the right.

  • > because this is death to entrepreneurship

    This does not follow. Even in highly corrupt authoritarian countries entrepreneurship can flourish. Just consider Turkey or Russia. In such places one quickly learns whom to pay, with corruption payouts becoming business expenses.

    • Does entrepreneurship flourish in Russia? This would surprise me just because its GDP is smaller than Italy's, and around 17% of it is oil and gas. CAGR for past 10 years in Russia is ~1.5% (compared with ~2.3% for the US).

      Just seems logical to me that if entrepreneurship was flourishing, we would see more economic growth as a result.

    • Please feel free to correct me if I'm wrong, but I get the feeling that this is purely a theoretical exercise for you, life under those conditions is chaotic and complex, at the bare minimum, it limits the complexity of the kind of business you can run.

      And that's ignoring other externalities.

    • I don't think entrepreneurs enjoy paying for "protection" when mafia knocks on the door or companies being taken over entirely when somebody in power decides that they like this one.

I began my career in a classified environment working on government satellite programs.

In my first week on the job, I was told, explicitly, that if I shared Classified or Controlled Unclassified information over unapproved channels, I would be reprimanded—likely fired, or less likely, prosecuted.

It was also made clear that safeguarding the nation's secrets from the carelessness of others was my responsibility, too.

It is mind-boggling that 18 people were on this thread, and none of them ever suggested that this discussion would be better served in a SCIF. To say nothing of SecDef starting the thread on Signal in the first place.

How many other such threads are active at the highest levels of government right now?

Does Chinese intelligence know?

I'm not suggesting punishment, or even prosecution, for the people involved. But the idea that this breach can occur with no accountability, consequences, or operational changes is unacceptable.

  • Why shouldn't punishment or prosecution be suggested? I've worked with classified information, and I would have been held accountable for my actions, why shouldn't they? I'm tired of this Too Important To Have Consequences business. It defeats the whole purpose of having qualifications, and security, and rules of any kind.

    • > I'm tired of this Too Important To Have Consequences business

      Sure, but short of something similar to the UH CEO, do you think anything will actually happen to them?

      If they’re doing this then the president presumably knows and does too. Even if they get prosecuted and convicted (after years of legal nonsense) they’d just get pardoned.

    • Honestly, I'm giving up hoping for even a fraction of deserved punishment too. It's hard to handle the emotional dissonance I feel repeatedly when I see injustice, so I've adjusted myself to expect minimal or no punishment and just hope things improve a little. I know this is exactly what those people who repeatedly do malicious things want to happen, and I'm not suggesting we give up seeking social justice. I just can't handle the rage I feel every time or I'll suffer from severe depression again. I need to save my willpower to still hope for a better world and to encourage or support people who are actually working to improve society.

  • The problem is that most of those 18 people are just random folks picked on the premise of just one qualification: They'd be Yes Man/Woman!! They aren't career professionals. I believe that explains the mess they've created and their incompetent approach to their duties.

    It's still not too late to impeach that entire shack of clowns.

  • Heck, one of my co-workers at a FAANG freaked out when he realized that he had used his personal phone to take a picture of a meeting blackboard instead of his corp phone. He spent the afternoon trying to figure out how to scrub the photo.

    • There is a great thread on r/army where people are listing out all the Military careers destroyed by minor mistakes that pale in comparison to this.

    • I had that problem, but the FAANG I was at was also the same company as the one running my phone's OS, so it wasn't as bad.

  • > Does Chinese intelligence know?

    How likely is it that all 18 of those people were accessing from mobile operating systems with no known working exploit chain? I would say pretty unlikely.

    • If they're "just" using Signal, they're likely "just" using stock Android if there isn't a policy requiring iPhones in lockdown mode. It's a very good question as to whether such a policy exists.

  • At least here in the UK our politicians delete all their messages on WhatsApp https://www.politico.eu/article/the-british-governments-disa...

    More seriously, having worked in an undisclosed defence company, we were told that we would be prosecuted if we did this. There were many many security controls in place that prevented this from happening on top of the threat.

    • Are you able to share any of those security controls? How do you stop presumably well-intended Signal app users from conferencing? Are you talking about cellular signal blocking, or are you talking about avoiding public networks entirely in favor of Sensitive Compartmented Information Facilities (SCIFs)?

  • Why are you specifically calling out you are not suggesting punishment nor prosecution?

    • Because I don't know whether either of those are appropriate.

      There aren't many comparable breaches to this one. The closest in modern times may be Hillary Clinton's email server being used for government business. In that case, the FBI investigated and declined to bring charges, under the expectation that a jury would be unlikely to render a guilty verdict.

      Okay, fine. But the FBI investigated and laid out the facts.

      My fear is that the current administration sees this as a PR problem. No, this was an operational failure. We should feel lucky that merely an American journalist was added by mistake.

      We should expect the FBI to investigate this, too. But I worry the facts are too inconvenient for even that level of accountability.

    • Because Hacker News is full of people who cultivate a specific naivety when it comes to power so they don't have to contemplate their responsibility or position therein. It's endemic and I have a hobby pointing it out again, and again, and again.

    • Because he wants the behavior to change, as it is a risk to the country's security. Typically these types of things at this level rarely result in prosecution; the compromise typically is a change in behavior / promise to do better / etc.

  • A US public watchdog is now suing for action to be taken.

    The people in the chat group included Vice President JD Vance, Defense Secretary Pete Hegseth, various other Trump administration officials and aides and notably Secretary of State Marco Rubio.

      As American Oversight lawyers pointed out in their lawsuit Tuesday, Rubio is also the acting archivist of the United States and, as such, “is aware of the violations” that allegedly occurred.
    
      The lawsuit, brought by the watchdog group American Oversight, requests that a federal judge formally declare that Hegseth and other officials on the chat violated their duty to uphold laws around the preservation of official communications.
    
      Those laws are outlined in the Federal Records Act and, according to lawyers for American Oversight, if agency heads refuse to recover or protect their communications, the national archivist should ask the attorney general to step in.
    

    ~ https://www.huffpost.com/entry/pete-hegseth-sued-over-signal...

    Time will tell how this buttery Signals chat plays out .. it's certainly given many other countries more fuel to ridicule the USofA, it's hard to believe these clowns are our partners in global "intelligence".

  • In normal times this might even be something Congress should be interested in. But instead I wouldn't be surprised if the journalist will get prosecuted on grounds that he didn't leave the group as soon as he noticed the mistake.

  • I have read that one of them (thanks to sibling commenter, yes, Witkoff) was traveling in Russia while on this group chat, and that the chat disclosed the identity of an intelligence officer.

  • When you get to a certain level, you believe the rules don't apply to you. There are many examples of this, but I won't list any for fear of promoting false equivalencies.

  • > information over unapproved channels, I would be reprimanded—likely fired, or less likely, prosecuted.

    Potential penalty of death as well.

    Also let's not forget those messages had a 4w expiry date.

  • > But the idea that this breach can occur with no accountability, consequences, or operational changes is unacceptable.

    There will be no accountability, consequences, or operational changes because the American people (a plurality of them anyway) voted for this. I like how people are even bothering to bring up the risk of prosecution, as if Trump wouldn't just pardon the people involved anyway.

    Look, I am as disgusted as you are, but I continue to be impressed/disgusted by the neverending levels of shamelessness shown by Trump and his cronies:

    1. Trump is now somehow blaming the reporter for this, calling him a "sleazebag".

    2. Probably doesn't need repeating, but all the chants about "lock her up" against Hillary Clinton were due to her supposed mishandling of classified information. Yeah, waiting to hear all the outrage from the right over this 10x more egregious example.

    3. I still continue to be awed by Hegseth railing against DEI because it's "anti-merit", as I can't think of an ass clown less qualified to be Sec of Defense.

    Nothing will change unless the American people, at large, decide to punish those at the ballot box who exhibit these behaviors, and so far they have not been willing to do that.

    • I'm concerned that what brings change won't be a smarter electorate, but instead losing a war or having another civil war.

      I'm somewhat politically conservative, and I still cannot make any sense of the plurality that voted Trump into office again. I really wonder if I'm in some kind of echo chamber that prevents me from understanding their perspective.

  • >>>In my first week on the job, I was told, explicitly, that if I shared Classified or Controlled Unclassified information over unapproved channels, I would be reprimanded—likely fired, or less likely, prosecuted.

    Now, I’m not replying to you about the morality of what happened or to tell my opinion of what is right and what is wrong.

    But do you honestly believe the president is held to the same standard as you?

    Would it shock you that they aren’t?

    • It's not shocking but it is unacceptable. The president should be held to a higher standard, not a lesser one.

  • No accountability or consequences for anyone is the motto of the Trump administration (or indeed Trump himself, who is a convicted felon).

    • First felon I know that has had no issues getting a job or getting a place to live. It's amazing how being a felon makes life so much more difficult for normies, yet actually improved his stature. It's embarrassing no matter which angle it is viewed.

    • The consequences will arrive by the will of the Trumpist administration.

      Levied on the Undesirables only.

  • Trump can't fire any of them. Fox News doesn't have enough TV people to poach. Where else did he find his cabinet from?

    • Trump won't fire any of them, because nothing they've done displeases him, and displeasing Trump (rather than violating a law, for instance) is the only way to get fired by him.

  • > I'm not suggesting punishment, or even prosecution, for the people involved.

    I am. Throw the book at them.

  • Was any classified information shared on Signal?

    • At 11:44 a.m., the account labeled “Pete Hegseth” posted in Signal a “TEAM UPDATE.” I will not quote from this update, or from certain other subsequent texts. The information contained in them, if they had been read by an adversary of the United States, could conceivably have been used to harm American military and intelligence personnel, particularly in the broader Middle East, Central Command’s area of responsibility. What I will say, in order to illustrate the shocking recklessness of this Signal conversation, is that the Hegseth post contained operational details of forthcoming strikes on Yemen, including information about targets, weapons the U.S. would be deploying, and attack sequencing.

      From TFA.

      The discussion itself wasn't transacting classified documents as such. But as Goldberg makes clear, information of both general sensitivity and immediate tactical significance was disclosed.

    • It was confirmed (under oath) that there was no classified information shared, however, the contents of the messages could not be shared with the Senate Select Committee on Intelligence as it is classified information.

  • Do we actually believe this was accidental? This seems like the most obvious “oops I leaked it to the press” I’ve ever seen.

    Now Europe “accidentally saw” what the American powers were saying and it’s going to influence them.

    I’m not at all sold that this was some ball that was dropped.

    • The EU knows exactly how the administration feels about them with regards to military support. The Signal thread makes all involved look extremely incompetent. I’m not seeing the advantage if this was planned.

    • I disagree. When you leak to the press, you often do it with a planted source who "leaks" to a journalist on condition of anonymity. Doing it with an "accidental" group chat add like this signals incompetence without any added value.

    • Updated Hanlon's razor: Never attribute to intelligence that which is adequately explained by stupidity

  • "that if I shared Classified or Controlled Unclassified information over unapproved channels"

    You are confusing yourself, THEY ARE THE LAW

    These are the most powerful guys in the nation. Who decides to catch who and whom??? These guys decide that, not the other way around.

  • CISA explicitly promoted Signal for use by top level government officials. The fact that an outsider was invited to a conversation they didn't belong in is troubling, but basically nothing else about this seems to be outside of recommended policy.

    The administration is also claiming that there was no confidential information in the conversation, which I think is certainly debatable, but the rest of the story seems overblown to me.

    • You're talking about this document:

      https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

      Which says:

        Organizations may already have these best practices in place, such as secure communication platforms and multifactor authentication (MFA) policies. In cases where organizations do not, apply the following best practices to your mobile devices.
      

      And goes on to say:

        Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar apps.
      

      But concludes:

        Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
      

      So they mention Signal as an example of an app that they are talking about, but they explicitly state that by mentioning it they are not implying to endorse or recommend or even favor it.

      Moreover, the advice doesn't apply to organizations that have their own best practices in place, which the organizations in question certainly do. So the question isn't what CISA recommends, it's what the CIA, DoD, Department of State, etc. recommend.

    • You should read the release that CISA put out [0]. The use of Signal for classified discussions is not a suggested use. True, it's not explicitly forbidden, but people entrusted with that access should know better.

      Saying that CISA approved Signal (and, in right-wing sources, saying "Biden administration CISA") is an attempt to minimize and distract.

      They shouldn't have been texting classified information. Full stop.

      [0] https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

Setting aside the obvious shock of the actual subject, I'm going to try the herculean task of bringing this back to being a HN-related topic...

My guess is that there is someone named Jeffrey Goldberg in the NatSec team (or high up, it seems like a common combination of first and last name at least), and likely that they meant to add him, rather than the EDITOR IN CHIEF of the Atlantic of all people. Could this be a UI/UX thing with Signal? (not differentiating between two Jeffrey Goldbergs on your contact list?).

  • This sounds less like a Signal problem than an information organization problem. Signal can only show what's in its datastore (your contact list).

    I just checked on Android - if you try to add someone to a group chat, it shows their name and profile pic.

    One potential Signal-side wrinkle is that it allows you to add people to a group chat who are in another chat you're in, but who aren't in your contacts list. There are strangers I was apparently at a dinner party with years ago who are eligible to be added to a group chat. If Jeffrey Goldberg has his Signal profile name set to JG and he wasn't in Mike Waltz's phone with a more specific name, that could lead to this mistake.

    • Then it's a good thing there's not an Abdul-Malik al-Houthi in the administration, as they might have included the wrong person on the private group chat.

    • > This sounds less like a Signal problem than an information organization problem. Signal can only show what's in its datastore (your contact list).

      Signal's insistence on punting on the trust/identity problem is a Signal problem IMO, particularly when its advocates make such a fuss (when it suits them) about being a properly end-to-end cryptosystem and not just a toolbox of algorithms. Most of the systems it's competing with make at least some attempt at providing a chain of trust so you don't have to individually verify everyone you want to talk to.

    • Skype solves it with an invite link. If you want to send an account, you take its invite link and send it, thus making a manual web of trust without search.

  • I think this is likely what happened, though I also find it just as plausible that he was fat-fingered or drunk-added into the group (I’ve been added to group chats accidentally by both these “methods”)

  • Entirely possible. Which is why Government services for 'chat' explicitly don't allow contacts to appear who aren't already in the government. You've also no doubt seen email as it appears in Government inboxes with the big red banner "Came from outside, don't trust this" kinds of things with all the links disabled.

    Two things that are really troublesome. The first, as Josh Marshall of TPM points out, "No one on that chat asked 'Why are we doing this on Signal?'" which suggests that it isn't the first time Signal was used for 'off books' stuff and that perhaps there are many such conversations. The second is that the conversation was set up while one of the participants was in the Kremlin waiting to talk to Putin. So either 'Kremlin Free WiFi' or the local cell tower providing connectivity?

    Most pundits feel like this administration is trying to keep things out of FOIA and discoverability reach which has its own problems.

    So yes, tools for Government communications don't have this problem, hell even Microsoft Teams on their US cloud get better protection than this.

    • > Most pundits feel like this administration is trying to keep things out of FOIA and discoverability reach which has its own problems.

      I don't think we need to ponder so hard about this.

      This administration is headed by a man who kept stolen TS/SCI national secrets in a bathroom at his house.

      A fish rots from the head.

    •   > "Came from outside, don't trust this"
      

      meanwhile every company and their dog do this, for 2 lines worth of text you have to go through this litter and "think of the trees" and "if this email was not intended for you we will deny ever having written it" etc...

    • > So either 'Kremlin Free WiFi' or the local cell tower providing connectivity

      Or just let someone look over your shoulder?

    • > Most pundits feel like this administration is trying to keep things out of FOIA and discoverability reach which has its own problems.

      Similar issues have come up in the UK about Boris Johnson et al using WhatsApp etc during Covid, and one of the things they said in their defence did have some value - at least in relation to the idea of unminuted discussions.

      i.e. these chats are what used to be corridor/bar/cafe conversations - i.e. unminuted discussions are as old as government - it's just they are now happening on various messaging apps rather than in person, at much faster pace, and with more people involved.

      So I think it's a mistake to think it's reasonable that all discussions should be recorded - the real question here is how to get the right balance - and make sure any decision making meetings are recorded - rather than the chat around the decision.

      The way it worked in the past - was to get a proper decision you needed all the people in the same room - and so it was automatically minuted as it was an official meeting ( but not the chat at coffee before the meeting ) - now it's possible to get people together virtually that distinction is blurred.

      Not sure what the answer is - but just saying it's probably unreasonable to expect all communications to be recorded - people need space to float ideas, or bitch like normal people - however on the other hand it is essential key meetings are minuted - not just for transparency - but for the study of history.

  • I'm putting my money on somebody fat-fingering the wrong contact. Maybe it's just me but I swear every phone I've ever owned has had extremely unreliable UIs, stemming from a combination of phantom touches being detected, and the phone moving buttons around as I'm trying to interact with it, as if it's on a dialup line struggling to load somebody's Sonic the Hedgehog fanpage on GeoCities one gif at a time in 1996. And it's just phones too, this never happens on my PCs.

    Of course, none of this excuses the failure to verify the identities of everybody in their chat, the choice to use a (probably) unvetted app on a (probably) unvetted personal device, or any other of a number of basic opsec rules that should be obvious to anybody who is vested with the authority to order an airstrike on the other side of the planet.

    • Agree, though I 100% see it on PC too, when web pages try to override standard scroll behavior to do some visual trick at the expense of well tested platform and browser scrolling support.

  • I don't use Signal, and am unfamiliar with the UI/UX.

    However, it seems more plausible to me that Jeffrey Goldberg is in someone's contact list from previous on-purpose leaks (to control narrative, etc, typical "anonymous sources say" stuff) - and was accidentally added to this group.

    • When adding people to a chat, it shows the contact list from the device, with avatars. It is also possible to manually enter a phone number or username.

      It's very likely that senior government officials have a phone with journalists saved in the contacts. It's easy to imagine why there are rules against using the same phone for secret war stuff, yet here we are.

  • There is someone with the same initials, not with the same name. I saw someone else point out a potential candidate here but I don't recall the exact name.

    • I've seen Jamieson Greer as US Trade Representative (same initials) and Jeffrey Kruse of the Defense Intelligence Agency (same first name) mentioned as possibly being the intended invitee.

  • I mean, I expect the actual approved governmental secure messaging apps would make it much harder to accidentally add a journalist to the thread, so I don’t know if this is a Signal problem per se.

    • 100%. Let's not blame Signal where it's on you to only invite the proper potentially anonymous contact you want to communicate with. Very different goals.

    • This also highlights why the conversation being held on Signal is so bad. Imagine if "J G" expressed concerns about going forward with the attack. Making actual decisionmaking on go or no go over a non-classified system is insanely stupid.

    • Signal could fundraise on new flair for DOGE implants, cabinet members, and folks who have side-loaded FSB certs.

  • > Setting aside the obvious shock of the actual subject, I'm going to try the herculean task of bringing this back to being a HN-related topic...

    Is that so shocking? I often watch some forums on Reddit related to combat footage, not frequently but enough to see various patterns. Before the Houthis started attacking shipping lanes, there were tons of videos of them kicking ass of Saudi military but way more often some subsaharan African mercenaries in their uniforms. Like, really badly kicking ass, smart ambushes, devastating results even on heavy machinery. The opposite side had almost nothing.

    Then with change of this, the tone and content turned 180 degrees. Almost always absolutely precise laser guided bomb strikes even if for 1-2 guys seemingly in the middle of nowhere, and a lot of them popping up all the time (to the tune of few every single day). Always titled cca 'Saudi air force doing XYZ'. Like sure, if you are clueless and don't know state of their army, their discipline, level of training and so on you can believe that.

    I didn't believe this since the switch was sharp, US is simply flying there for quite some time, together with Saudi air force. TBH I don't care, just sharing observations. No way we can know hard facts obviously, but it's easy to connect those very few dots. A bit of failure from opsec point of view - if you do this stuff, at least keep it secret and not broadcasting to whole world so politicians can keep big smiles and grand statements, at least for clueless civilians who barely know where Yemen lies on the map.

    What others write matches my observation - “Houthi PC small group”, seemingly short term group about specific attack. US attacks themselves are already happening for a year and something.

  • Can users in a group add/invite others in? My first thought was someone doing it on the sly, to leak deliberately.

    • This is what I started thinking last night. Any of the people who were added to the chat could be disgruntled and add a reporter to the chat to leak it. Is there even any log of who added who to a chat? There might not even be any way to pin it on the leaker. If the leaker had been involved in several such chats and knew the intent was to intentionally violate federal recordkeeping laws, not only would this accomplish the leak, but there might not even be any record of who caused the leak.


    • If they have admin privileges. The person who creates a group has them by default, and can grant them to anyone else, admins can add, remove, and grant or revoke admin privileges and set group name/description parameters, and disappearing message configuration. Yes, you could have a group where the founder revokes admin privileges for themselves and then nobody can make changes to the group (although individual members can leave and delete the history on their own devices). Signal users can also delete their own messages.

    • By default, yes. You can change the permissions so only group admins can add people.

If anything, I'm a bit surprised that Jeff Goldberg burned this source.

If anything, I'd suspect that he'd keep the channel open as long as he could.

Or, he's got other channels that work better.

All the same, I mean, wow. These guys are just morons here, there's really no other way around it. I'm trying to think of a charitable way to spin this and I've got nothing.

Like, very clearly, these people are going to get service-members killed due to their idiocy

  • As soon as he realizes (or a reasonable person would realize) that the group chat is not a hoax, and that he is getting confidential military information over that channel, his continued membership in the channel demonstrates intent to receive the information, which makes anything he writes about it in the future legally problematic. It's complicated and it's not like just receiving classified information from a source is intrinsically criminal, but it'll be the entire fact pattern he'd be confronted with by prosecutors.

    • The court cases related to Watergate established that receiving classified information is not illegal, and affirmed 1A rights. I'd argue it's exactly the same as a journalist overhearing this motley crew discussing the war plan in the halls of the White House without being aware there's a journalist nearby. I wouldn't bank on the current supreme court to uphold precedence, or the current administration persecuting the journalist for "hacking" into a "secure" government chat group - which is what they'll allege without evidence. I suspect the journalist cares more about national security than the cowboys in the chat group, and is acutely aware that they are a target for hacking by nation-states, which would leak classified information.


    • There should be protection for people that receive information in this manner that is equivalent to whistleblower protection. No law abiding citizen should ever be prosecuted in favor of protecting a government fuck up.


    • "his continued membership in the channel demonstrates intent to receive the information"

      Nope. His authority as a journalist prevails. He published the article -- so his intent was to do his job as a journalist, and the public has a right to know.

      National security or institutional trust was not damaged by the journalist -- only by the ignorance of the politicians now running our military.

      The information was newsworthy and in the public interest.

      Publication did not cause harm (and you might argue that dropping actual bombs caused much more harm).

      The information was obtained legally and without foresight.

      The journalist has an obligation to report the information if it serves the public interest, especially if it reveals systemic failures, endangers democracy, or impacts public policy.


    • That's the part you're concerned with? Criminal liability of the journalist while the alcoholic was sending government secrets over a signal group chat to unverified members?

  • > If anything, I'm a bit surprised that Jeff Goldberg burned this source.

    > If anything, I'd suspect that he'd keep the channel open as long as he could.

    > Or, he's got other channels that work better.

    The Signal chat group was called the “Houthi PC small group.” It appeared to be a short-term, mission-specific group rather than a long-term, open-ended group. Thus, it's unlikely that much more information would be gained in the future. Goldberg's inclusion in the chat was the main story here, not the specific details revealed to Goldberg, many of which he kept confidential.

  • He was probably worried about the legal ramifications of not doing so, though these days he may be more likely to get sent off to some El Salvadoran prison for writing the article and exposing their staggering incompetence than he would be for continuing to knowingly listen in on the chat.

  • He did the right thing. He's obviously of a certain political bent, but recognized this kind of leak could lead to the loss of American service member lives. He didn't share everything from the chat. I respect him for what he did.

    And I agree with your assessment. Morons...

    • Hard to say. Sharing it may have led to saving of servicemen lives since it may cause an abort. Not like it is a self defense mission, attacks on Houthi is totally optional meddling that likely breeds more 'terrorists'.


  • My guess is that he was consulting their lawyers during this. IANAL but it might have been a crime if he did not leave the group as soon as he was sure it was real. He keeps mentioning that he was not certain this is real until the first attacks. After the first attack, he could not continue this argument.

  • My theory is that he had to balance the journalistic scoop of the century with the risk of being arrested for illegally accessing/storing classified information. If they had noticed before he published the story then he could have been vanned and the public told that he had infiltrated a secure channel, and who would be able to say otherwise? MAGA people would cheerfully call for his execution.

    • Under US federal law it is generally not a crime for a person without a security clearance to receive or store classified information. The legal problems come in when they solicit it or take some other action to obtain it.


  • "If anything, I'd suspect that he'd keep the channel open as long as he could."

    The real story is that he was added to the channel, so it doesn't surprise me that he didn't try to lurk indefinitely. I'm guessing these things are also ad-hoc, so perhaps the well was already dry after the attack?

    But this is some truly amateur-hour shit. I've seen better communications discipline from volunteer open source projects than this.

    • > I've seen better communications discipline from volunteer open source projects than this.

      Because those people are likely competent. The problem with hiring mostly yes-men/women is competence is secondary.

  • One lawyer I follow on Bluesky mentioned the longer he stayed on, the more exposed he became to legal ramifications. Also, this involves national security which courts may treat differently than other issues.

    I am more surprised that he did not save this incident for a future book.

  • This is the type of thing that can get you in jail or even (quietly) killed during a normal US administration. I'm not surprised Goldberg GTFO immediately.

  • Dunno, I was surprised how digitally literate these old dudes are to the point of writing long autistic messages in Signal, so long that the author can quote them only as "wrote a lengthy message". Even normie programmers of all people can communicate only with meat sounds.

    Who complained here that email can't be replaced by messengers, because you can't write long messages there? Here's a counterexample.

  • He could have continued for weeks, imho he did the good citizen and responsible journalist thing here. Made the public aware before it really got out of hand.

  • I'm betting that Goldberg realized, once it was confirmed real, that his only feasible defense was exiting the chat and going public immediately. Otherwise, someone notices he's there, and he's arrested by ICE and disappeared to El Salvador, or worse.

    In many ways, being a public enemy of the Trump Admin is the safest enemy to be.

  • I thought that at first, but the group was clearly temporary, intended for this particular military action. There was likely little value to staying, and as other comments note, a nonzero risk of (likely unsuccessful) prosecution.

  • Imagine if he stays and obtains some critical information that later happens to get leaked. You're now a prime suspect for the leak, possibly facing charges of something like treason. I think leaving was the wise choice.

  • Sounds like he received the message purposefully and pretends it was a mistake?

    2h is a lot but also not that much time, everything is prepared already it’s more a countdown I would say. What would be a usual timeframe to inform the people you want to inform about an immediate event which is going to happen?

    • > Sounds like he received the message purposefully and pretends it was a mistake?

      Why would he have been added to the group? For what purpose would the current National Security Advisor have to bring in an outsider to discussions that ended up involving almost certainly classified data?

      > 2h is a lot but not that much time

      He was added to the group two days (13 March) before the strikes (15 March), not two hours.


Steve Witkoff was on the chat while he was in Russia.

There’s a vulnerability in Signal where you can set up linked devices that replicate your Signal messages. You can do this by just scanning a QR code. This is known to be used by Russian hackers.

What are the chances the Russians duped Witkoff into scanning a QR code while he was in Moscow?

  • Why must a Signal attack take place only in Russia? If Russian intelligence operations can operate freely in the US, they can attack US officials in the US as well.

    • Good point. I was just thinking Witkoff must be dealing with Russian functionaries all the time in Moscow so they have near constant direct access. There’s nothing to stop them duping one of them in the US though, and it doesn’t seem like duping these guys would be a stretch.


    • Man in the middle attacks require access to the mobile or networking infrastructure (so not necessary, but much more likely and easy)

  • > There’s a vulnerability in Signal where you can set up linked devices that replicate your signal messages.

    You mean the desktop linking feature? If that's considered a vulnerability, then so is being able to chat with someone after getting their public key unverified from an overseas server, the primary mode in which everyone uses it (including the people in this chat, evidently, since no out-of-band key exchange was performed)...

    Not to mention the "vulnerability" where you copy the phone's storage and get the key material onto another device to do with what you will, which may be harder or easier depending on the hardware but I'd trust any sufficiently funded security agency to be able to do this for common devices

    • If you're part of the US government, with access to the most sensitive information which will put people's lives at risk if compromised, then yes this is a vulnerability because "russian GRU agent nicks your phone and scans your signal QR code" is a real threat.


  • Totally! Probably for a restaurant menu or something. . . It also seems likely that they added Jeffrey Goldberg, (the Atlantic's editor-in-chief) to the chat as the outlet, so the whole thing would become public. . . .

    • How about a restaurant that doesn't have menus and requires patrons to scan a QR code?

      Acrylic table menus have inserts which can be easily replaced.


  • Right. So the problem is not that everyone in the chat was using an unsanctioned app to exchange classified information, but these insidious Ruskies who tricked Witkoff and hacked his personal Signal account.

    • That's the White House line, apparently they did nothing wrong. It's that journalist's fault. It can't be the Russians though, they're trusted allies now.

This hypocrisy reminds me of one of my former lead developers. He required everyone on the team to go through multi-person code reviews and pass an extensive CI suite before merging changes into our mainline.

But him? Half that time he'd approve his own changes without review, the other half he would force-push and bypass the CI system entirely.

He knew the system well and seemed to do enough local testing to avoid major breakage but still. Why have a bunch of rules and policies that you do not follow yourself?

  • > He knew the system well and seemed to do enough local testing to avoid major breakage but still. Why have a bunch of rules and policies that you do not follow yourself?

    Because these rules and policies are for people that are judged to need them by the person with the authority and responsibility for making the decision.

    Policies like these always have a cost and (hopefully) a benefit. Presumably this lead dev judged that the cost vs benefit didn't make sense for themselves but did for others. It's entirely possible they were correct.

    • One of the main purposes of code review is to ensure that your code is understandable to other people. Good lead developers understand this. Bad ones find a way to push through their changes without review or get them rubber stamped, in my experience. Then you end up with big parts of the codebase that only the lead dev can work in productively.


    • As long as authority and responsibility land on the same person, I see no problem with it.

      If, however, a junior developer is responsible for making a change, but has no authority to make the change, then there is a problem.


  • > Why have a bunch of rules and policies that you do not follow yourself?

    If you can get away with it, why wouldn't you set things up this way? Rules for thee, not for me. You can't try to view power plays like this through the lenses of ethics or morality. The point is to use rules to bind and punish your enemies and to make sure that only your friends can get away with breaking them. You do this with media capture and twisted narratives, taking advantage of the erosion of rule of law as a respected concept among the public.

    • > If you can get away with it, why wouldn't you set things up this way?

      Ethics and morality.

      > You can't try to view power plays like this through the lenses of ethics or morality.

      Yes, you can, that's the entire point of ethics and morality.

      > The point is to use rules to bind and punish your enemies and to make sure that only your friends can get away with breaking them.

      Well, yes, that's the point of the specific actions being discussed; that doesn't make it impossible to look at them through a lens of ethics and morality, it just makes them look bad through such a lens.


    • You want a better outcome.

      Culture transmission is more effective when followers can emulate leaders — so you’ll have an easier time getting people to obey when your goal is to get them to act the way you do. In this case, you’ll expend less political capital on enforcing your policy regarding code reviews and testing if you adhere to the same policy. (And accordingly, have an easier time avoiding disgrace like public failures of your service.)

      If you want to view it purely through the lens of power politics, saving your political capital on issues like this preserves it for things with better rewards — eg, you’ll have an easier time getting your projects approved if your manager isn’t constantly having to deal with the fallout of your policy double standards impacting morale. Or for setting a standard that working fewer hours is acceptable if you’re meeting your quotas — which nobody can dispute you’re doing, as the whole team is validating that you are.

      This kind of petty power game is rarely an optimal exercise of power.

    • I think it's more likely a trust issue. He didn't trust the other devs to push things directly, but ofc he trusts himself. I do this with some things myself. But I also do the inverse, where I don't want to trust myself so I set up a bunch of checks and tests to save my future self from my present self.

      I think when you're the 'architect' or know the full stack very well, to where you fully repl/grok it and occasionally need to do hot patch type work, the former approach is nice. But, my brain has limited memory and time erodes quickly, so I also know when to rely on the latter approach and I try to do it as much as possible


  • Apples and Oranges? If he is the person responsible should a system break then it's totally up to him. In that case, he made sure you did not break his system (because he'd be responsible). And if he broke his system himself then it's on him.

    I don't see a problem with it (as long as he can't transfer the blame somewhere else).

  • The example you give is about control - he wanted control over everyone else's inputs but trusted himself. Not a great look as a leader.

  • That’s one of the reasons I always worry about high level employees who “still write code”. It’s just too much opportunity for them to make bad choices and many ICs are afraid to speak up to avoid it.

    Same goes for some “10x developers” who are fast because the rules don’t apply to them. Meanwhile the rules slow everyone else down (yea big surprise he is faster). And everyone else has to clean up after these guys when they get sloppy.

    • My personal pet peeve is network admins that have unfettered Internet access from their workstation IP, but everyone else has to traverse half a dozen “security” appliances that break developer CLI tools and slow down everything else.

  • I relate to this a bit...

    But for me the foundational issue is that my coworkers aren't holding up the bar when reviewing contractor code. And reviewing all the code isn't my job description.

    Meanwhile my job description does include maintaining a system my coworkers don't really know anything about, and so I mostly make sure its tests pass and let my manager know about anything I need to do to it.

  • >Why have a bunch of rules and policies that you do not follow yourself?

    Because the goal is to keep risk to a reasonable level, not necessarily minimize it as much as possible.

  • Another interpretation of this is that the lead developer adequately mitigated the risk of errors while also managing the risk of not shipping fast enough. It's very easy to criticise when you're not the one answering for both, especially the latter.

  • As one such developer, it is a powerful ability to be able to bypass restrictions meant to be used sparingly for a good reason.

    I rarely commit the same kind of code the full-time professional developers do (when bypassing policies).

    Typically it is stuff like an urgent patch in prod that may not have coverage, or a partial long-running refactor which breaks existing tests but better to be able to merge quickly than keep the branch constantly free of merge conflicts, or experimental exploratory new type of code (new lang, stack, whatever) for which we have yet to evolve processes, part of what the lead is supposed to be exploring, and so on.

    Although in my experience junior leads more often than not abuse their privileges than use it well.

  • At least he knew the system well, this is more akin to a bunch of junior devs writing an app by editing their code on a shared plain text file

  • I’m not seeing the parallels.

    Trump went on about Hillary’s mail and made it a big thing for political points, not because he was particularly caring or didn’t have infamously bad opsec when he got in.

    Your lead dev trusted himself more than the team. He was probably right.

    • The parallel is senior leaders ignoring secure communication rules that their rank-and-file must follow. Hillary's email server did not immediately spring to my mind.

      Edit: It's safe to say that this story involves multiple levels of hypocrisy by the current administration.

    • You're correct that Trump's entire cabinet are hypocrites and they deserve to be raked over the coals for this and have their past statements thrown back in their faces. At this point there's no reason to believe Trump or anyone in his circle ever saw the email scandal as anything but a cudgel with which to rhetorically bash their opponents.

      But the problem with them being hypocrites in this regard is that it follows from them doing the same thing Hillary did, and in that case the "fair" way to punish them would be the same way she was punished, which is not at all. So I don't see any real accountability ever coming from this beyond maybe trump firing a couple of sacrificial lambs from his administration.

In my opinion there are at least two ways to interpret this:

a) It's an unintentional opsec failure. Perhaps there was an address book collision with another intended user. Perhaps it was fat-fingered. This seems likely.

b) It was an intentional leak. Perhaps overtly, perhaps covertly, by one or more of the channel members for unknown purposes. This seems less likely as there are better ways to leak with less blowback risk.

Regarding using Signal in the first place. Yes, this seems like bad opsec, but it's possible that the current admin working groups don't trust the official secure channels and assume they are compromised and they are being spied upon by their own or foreign agencies. That seems very likely, given the circumstances. In which case, it is still a possible opsec failure, but perhaps a less bad risk than trusting operational security to known adverse agencies. This is the more interesting case, imho, since the assumption on here is largely that these types of coordination should be happening on official government channels. But "government" is not necessarily a unified collective working towards the same goals. If you have a strong suspicion that agents within your own team are acting against your goals, then of course, you have to consider communicating on alternative channels. Whether that's to evade legal restrictions or transparency, like with the Clinton email servers, or to evade sabotage, I'm not judging the ethics, just considering the necessity of truly secure communication.

Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.

  • Using Signal in this case is wrong and foolish full stop, and the extremely likely reason they did so is so they could escape standard government record keeping compliance (NARA).

    To start with, classified information is ONLY supposed to be viewed in a SCIF. Secondly, it should never be loaded onto private devices. The private phones of national security leadership would be prime targets for every hostile intelligence agency in the world. It matters little if the information was encrypted in transit if the host device is compromised.

    One would have to be a fool to not trust all of the classified tools and safeguards the US government uses only to then use a commercial app on commercial phones to communicate classified data in public while stateside and abroad. Just the fact that someone could accidentally add an unauthorized person to the chat is but one reason it was crazy for them to do this.

    • "classified information is ONLY supposed to be viewed in a SCIF"

      No.

      No, no, no.

      Most classified information is NOT designated SCI. When classified info was mostly paper, it was placed in GSA approved safes in regular 'ole office buildings. You'd get to work, open your safe, and do your work. Most SIPRNet computers are not in SCIFs.

      Heck, you can even mail classified documents via USPS. Confidential and secret documents can be sent registered mail.


    • Sure, those are the reasons for, but would be interesting for you to address the salient point of not trusting those government systems. I'm sure you can make the counterargument.


  • For a tech forum, this take is pretty darn close to once again giving bad/dumb actors benefit of the doubt backed up by zero.zero% technical logic by claiming they’re actually playing 4D OPSEC chess.

    They replace “ideologically compromised SCIFs” with…… 18 separate iOS devices that I’m sure are on 18 separate OS/app versions and device postures and…

    Got news for you - want to compromise e2e encryption and Signal? You do it via what they did. So no, they are not correct.

    • Yeah Signal isn't the issue - it's the phones. In the end Signal was probably easier and faster to use while a bit more secure than WhatsApp but one has to presume that a chunk of those phones have been compromised for months.

  • They can bake any Tom Clancy style excuse they want. They broke the law and they're incompetent. Even if you want to ignore one, they still need to go. Making mistakes like this anywhere else would cost you your job.

  • It may or may not be bad security (I lean toward a rather than b), but it definitely violates record-keeping requirements. Deliberations of public officials might need to be classified, but they should definitely be recorded. If you're using disappearing messages to auto-erase records of conversations, it's a kind of fraud upon the public.

  • Using Signal is very very very intentional. They may have fat fingered an invite but that does not excuse the whole skirting-all-natsec-protocols.

  • Option (a) 100%.

    This is an abysmal mistake on the big stage for a bunch of new people on the job. That it is the intelligence community makes it feel so much worse.

    • "abysmal mistake" makes it sound like this wasn't a considered action and willful disregard for both op-sec and the law. There is zero chance these guys didn't know what they were doing...

      At minimum, Mike Waltz is retired special ops, Rubio has had high-level clearance for ages from his time in the Senate, same for Gabbard in the House. None of them responded "Hey, this is poor op-sec and illegal, perhaps take this to an approved messaging service?"


    • “Abysmal” mistake seems excessive.

      Basically a journalist was added to a discussion group of high ranking politicians.

      This journalist is well known within those circles and has plenty of access to those people regardless.

      The conversation may have been war plans, but the action is pretty uncontroversial across both parties, and went off without a problem so the impact of the leak was nil.

      Seems like a great topic for making political hay, but twins that a mistake that can be easily corrected.


  • > Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.

    If you knew that Signal was secretly a front by the CIA/NSA then you'd feel pretty comfortable using it.

    • Secretly? Surely you're not suggesting people on Signal Foundation's board are intelligence assets? Surely, you're joking. That could never, ever, ever be the case. Why would you say such things.

  • They are being spied upon, by the future, on purpose. That's why we have laws regarding records retention, open meetings, etc.

    • Lincoln famously suspended the law of habeas corpus (due process) for the purposes of preserving the Union and his ability to govern, and many consider him to be one of our greatest statesmen. There is no government on earth that can function "in the open". Secrecy is a requirement. Go ahead and try to plan an office party without some "need to know" organizers and see what kind of trouble and interference you stir up.


  • "it's possible that the current admin working groups don't trust the official secure channels and assume they are compromised and they are being spied upon by their own or foreign agencies"

    Jesus Christ, this is dumb. Using a civilian app with civilian phones is literally the best way to get spied on, by either "your own" or foreign agencies. These people are going to get us all killed in a nuclear first strike.

    • > These people are going to get us all killed in a nuclear first strike.

      Not sure how leaking state secrets is risking nuclear annihilation - unless they invite Putin or Xi mistakenly in their Signal Group and plan to bomb Moscow or Beijing but the coziness of the current administration with these 2 countries is certainly not making this scenario realistic at all.

      Instead the reality is likely more boring: they just accelerate American decline


  • > It was an intentional leak

    I don't see how this would work. If you're the leaker, do you just add the journalist to the group yourself? How are you going to explain that? I think there are more anonymous ways to leak stuff than adding someone else to the group chat. Or does signal not show who added someone?

    • I have not read this article, but I saw the headline this morning.

      I am reading it now.

      https://www.ibtimes.co.uk/signal-app-owned-china-it-safe-use...

      Edit: nothing to see here.

      "So, is Signal App owned by China? The answer is no... Signal is run by the Signal Foundation, a non-profit based in San Francisco... Amidst this controversy, it's crucial to remember that Signal's roots are firmly planted on American soil, dispelling any notion of Chinese ownership."

  • This leak proves that the trust in Signal is not justified. Yes, their crypto didn’t fail, but the system did. If you’re having a classified conversation electronically, you really want the system to check that the participants are supposed to be privy to this information. If some rando is in the chat, there should be a big, loud “some rando is in the chat, don’t share any secrets” alert.

    Obviously, Signal is not meant for this sort of thing, so it has no reason for such a feature. It’s not a failing of Signal, but it’s not fit for this purpose.

  • With the level of disdain for Europe in the leak, it’s hard not to think b.

    • There are other ways to "fake leak" information than having to look like an incompetent idiot at the end. Plus, what they said on Europe is not breaking news, they say pretty much the same on open channels - even when they face directly Europeans (e.g. last Munich conference)


  • I don't think using Signal is the biggest problem in terms of security, though it's against the rules to use something not explicitly approved.

    The bigger security problem is that it was being run on devices that evidently weren't limited to secure communication tasks (such devices wouldn't have a journalist in their contacts). That suggests at least some people were using personal phones, which seems like a terrible idea.

  • if you think the national security infrastructure is untrustworthy, you need to fix the national security infrastructure. getting elected doesn't mean you get to create your own private government - we call that a revolution, not an election.

    but of course, this lot thinks the existing government is all corrupt / deepstate.

    • Democratic elections are always potentially mini-revolutions. That's the risk of democracy.

  • >It was an intentional leak. Perhaps overtly, perhaps covertly, by one or more of the channel members for unknown purposes.

    It was Mike Waltz who invited Jeff Goldberg to connect on Signal. It seems inordinately unlikely that he would have been uninvolved if it was an intentional leak.

  • None of your conjecture matters: it is blatantly illegal to use commercial apps to discuss classified information.

    You can debate the seriousness of this sometimes. When it comes to impending military action though, revealing when and where US personnel will be conducting an operation in the future, there really is no debate. This is gravely serious.

  • > Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.

    Once upon a time, I was visited very forcefully by the FBI at 0600. They used a battering ram to gain access to my domicile.

    During the "interview" that took place later that morning, they requested some information from me. I told them that the information was contained in Signal conversations between two recipients, and the messages in question have "disappearing messages" turned on. tldr; the messages are no longer available.

    Relevant parts of conversation that followed:

    me: "Do you have signal?"

    agent: "I have it on my phone if that's what you mean."

    me: "No, do you HAVE it - as in, do you have access to messages sent between other parties?"

    agent: "If we do, I am unaware of it, and we certainly don't 'have it' with regard to this matter."

    Take that for what it's worth.... my takeaway was that they(the FBI at least) have not compromised Signal. This was late in 2019 for context.

    The other takeaway...be careful who you trust. That all happened because I trusted someone I shouldn't have.

    • I think there is likely a difference between what the FBI does to someone they want info pretty badly from vs what <insert state actor> does to someone that they have determined is a keystone to one of their national adversaries.

      If they did have some kind of collection capability around Signal, they likely would not have risked burning it on you.


  • I'd go with b: They've been talking for a while about finding information leaks, and the messages themselves seem a bit staged. They probably did it intentionally with different people, with slightly different wording, and because of which version got published they just identified a leak.

    • A barium meal is for finding leakers within an organization. If you send material to a journalist, unsolicited, and they report on it, what exactly have you established?

      Like, do you think they did the same thing with multiple journalists in an attempt to see who would publish and who would keep their mouths shut?

      Bear in mind, when you join a Signal group you don't see the conversation history from before you arrived, only the live updates that take place during the time you're a member. Also, anyone in the group can view the list of group members and receives notifications about people being added to/removed from/leaving the group.


    • This doesn't make any sense. They were the ones who added the journalist to the chat. The chat wasn't covertly relayed to a journalist by one of the members.

    • That would require coordinated competence. Testing for this kind of leak is much easier with paper than live chats too.

Reminds me of https://en.wikipedia.org/wiki/German_Taurus_leak

„Among the topics the officials discussed in their conversation, conducted using standard commercial Cisco Webex video conferencing software, were the presence of UK and US military personnel in Ukraine and the potential use of Taurus missiles to blow up the Crimean Bridge.“

  • A thing using authorized channels that was spied on by a different state has practically nothing in common with this.

    (Yes, it probably shouldn't have been an authorized channel, but it was.)

    • Though the channel wasn’t cleared for the level of information that was discussed.

      WebEx was cleared up to the equivalent of Restricted. The conversation likely reached the level of Secret or Top Secret.

      Two of the generals were disciplined. (4-figure fine)

Here's how Eisenhower dealt with a similar leak.[1]

General Henry Miller made public comments about the secret date of the Allied invasion of Normandy in May 1944. He was a personal friend of Eisenhower. Eisenhower demoted him and sent him back to the US in disgrace. He wasn't court-martialed.

[1] https://youtu.be/fD0IlFPTopA?t=269

  • I'm sorry but how in the hell is that a similar leak other than they are in the same category?

    Not justifying Trump administration but just seems like a whole different level of stakes.

    • Today's bombing of Yemen is tomorrow's landing of Marines on Taiwan, or I guess these days marching into Montreal and landing in Greenland. All of these require complete OPSEC from the entire chain of command.

    • People could, obviously, die from leaking a military operation. You're right that more people would die in a larger operation, but I'd assume most of us are okay with firing or prosecuting people for risking lives for not following basic policies.


Without commenting on the (important) political or reputational considerations here, I want to talk a bit about the operational risk presented by this practice. There is a somewhat sizable "So what? Signal is e2e encrypted. Nothing bad happened and you're all overreacting." narrative floating around. (not so much in this thread, but in the general discourse)

If this operation was planned in Signal, then so were countless others (and presumably so would countless others be in the future).

If not for this journalist, this would likely have continued indefinitely. We have high confidence that at least some of the officials were doing this on their personal phones. (Gabbard refused to deny this in the congressional hearing -- it does not stand to reason that she'd do that unless she was, in fact using her personal phone).

At some point in the administration, it's likely that at least one of their personal phones will be compromised (Pegasus, etc). E2E encryption isn't much use if the phone itself is compromised. This is why we have SCIFs.

There was no operational fallout of this particular screwup, but if this practice were to continue, it's likely certain that an adversary would, at some point, compromise these communications. Not through being accidentally invited to the chat rooms, but through compromise of the participants' hardware. An APT could have advance notice of all manner of confidential and natsec-critical plans.

In all likelihood this would lead to failed operations and casualties. The criticism/pushback on this is absolutely justified.

  • Or not even the device: The other reason we have SCIFs is they provide a secure location. These personal devices could have been in use anywhere, including places where they were subject to observation. Including but not limited to Moscow. :)

    • Something I haven't seen discussed is that you can get the information from Signal without compromising the phone or person. Just reading the texts "over the shoulder" would be enough of a leak. Being in Moscow is bad, but even a Starbucks has security cameras good enough to read text on a phone. A SCIF would fix that.

  • I agree with all of this, my only quibble is that I would bet there have already been costs associated with this idiocy. Hostile powers knew going in that this would be an incompetently run administration and I'm sure were looking at gaining access to personal devices out of the gate. It's possible that a great many highly sensitive conversations have already been read by adversaries. I also expect that similar sloppiness like adding the wrong person to a Signal chat has already happened without being reported on.

    • Yes, this was one of the main points on infosec Mastodon today. While everyone is aware enough to be concerned with encryption over the wire, it's the endpoints that matter. Personal Android devices capable of running Signal are going to be some of the easiest to compromise for a sufficiently motivated attacker. I've seen n00b cops do it for drug gangs here. There's no question that Russia, China, et al. can do it just as well and we have as good as confirmation that that's what's going on in at least Tulsi Gabbard's case.


    • I suspect we won't know the true damage until all these people are gone, kind of like how Apollo 13 didn't know the true damage to the service module until they jettisoned it.

  • > if this practice were to continue

    My prediction is, given the way the narrative is shifting to digging in their heels and insisting they did nothing wrong, the lesson they are learning from all this is that they should have hid their activity better. Nothing will happen to them, they will continue with impunity, and they'll just be more careful about not inviting outsiders. I suspect this isn't the last leaked top-secret group chat we'll see.

How is Trump staff using Signal for classified military actions different from Clinton's use of a private email account?

Back then he said she should be put in jail but now he is downplaying it. How can Americans take this guy seriously is beyond my mind.

  • I would argue that at least Signal is end-to-end encrypted. By default, email is not.

    Now, how secure and backdoor-proof that encryption is, is another story..

    • Encryption doesn't really help when you add "random" people to your group ..

      Also, I haven't followed the email thing, but emails are by design insecure, so one should hope stuff like this was not discussed over emails (regardless server..)

  • Plus the stuff in those emails wasn't even really dangerous to the well-being of the country or military, unlike if the Russians/Iranians got their hands on notice of an imminent attack on the Houthis with lots of details on the attack and strikes.

  • People are focusing too much on accountability that will likely never happen. This is Trump 2.0. People knew exactly what they were getting and they voted him back into office anyways.

    Perhaps a better answer is to separate accountability from the executive branch, possibly:

    * Provide journalistic publication businesses super first amendment protections that cannot be restricted by a president, but news sources that contain opinion pieces separate from witness testimony and/or third party expert analysis as entertainment, thus restricted from journalistic venues.

    * Transfer the justice department to congress. The president can still appoint the attorney general. The president should have no ability to determine criteria or persons for investigation or denial thereof.

  • For whatever reason norms/laws just don’t apply to Trump. He’s above the law; it’s baffling.

Everyone crying about the opsec failure and not that these people were cheering murdering women and children in one of the world's poorest countries.

  • Caring about people in a far away country is not a winning strategy. Showing that this admin is harming national security and risking American lives is what gets voter attention.

    • I wish to highlight the pointlessness in your timing of your leftist activism. Trump cannot run for a third term due to the 22nd amendment to the constitution.

      Therefore even if you found evidence that a small subset of the members held national security worse than Hillary secured her emails, (in this case, leaking a Yemen bombing attack 2 hours before it happened), there’s nothing left for voters to vote on.

      The only thing far-left activists can do to change this administration is to wait 4 years for Harris, Hillary, or Bernie to run again. But they’ll need a winning platform to run on. Maybe campaigning on making America Great Again or putting America first will work better.

      All this left-leaning activism is doing is helping other liberals lose even more of their sanity than they’ve already lost. One reason the Democrats lost this election is because they didn’t even care about their own American people, let alone other American people.


  • JD Vance saying that he was gonna pray for victory, aka pray for bombing / killing. Disgraceful to what Jesus taught.

I guess Signal is pretty safe, but the phone you are using it on is far from safe. Then there is the issue of being able to accidentally add unvetted people to the chat. Is that pretty much the size of the technological issue here?

  • Yes. Then there's the fact that they do this on a daily basis to avoid accountability.

And these guys have been in power for only a few months, they're still finding out about their new tools. What will happen in the next 4 years? Will they even leave power peacefully?

  • Trump has already been president and already demonstrated to us that he will not leave power peacefully. He's openly discussing serving a third term. I think it's highly unlikely that the transfer of power will happen peacefully unless

    1) he dies in office (of natural causes)

    Or

    2) the republicans win in 2028 and a different republican president is sworn in.

  • That's a good question, for a lot of them, and especially Musk.

    What's his endgame now? If Trump is no longer in power, even if Musk doesn't land directly in prison, I have a hard time imagining the new government collaborating in any way with him or his companies. And they sure behave like this is not an issue.

What are the odds that Goldberg was included in the Signal chat intentionally by a whistleblower? I.e., someone who had reservations about what was about to take place (either the bombing action itself, or the intentional avoidance of government recordkeeping) and so included him as a witness?

The whole thread is WILD, and the fact that it was verified is crazy. But the actual text of the thread is horrifying:

On one hand, they say they complain about "bailing out Europe". But on the other hand, they explicitly moved up the timeline so they could move before other actors and take credit.

> "If the US successfully restores freedom of navigation at great cost there needs to be some further economic gain extracted in return."

So to be clear, when presented with the option to wait a month, they instead explicitly choose to act decisively for political reasons. And then they want to turn around and extort European allies over it.

  • The US is primarily attacking Houthis to support Israel and not Europe. Vance knows that.

    J.D. Vance comes off as a rabid anti-Europeanist in his speeches, tweets, and apparently also his private messages. Here in Denmark the authorities reported that his wife, Usha Vance, is tied to an unusual money transfer and upcoming meeting with Greenlandic separatists.

  • > So to be clear, when presented with the option to wait a month, they instead explicitly choose to act decisively for political reasons.

    This feels like a pretty reasonable thing for a nation-state actor to take into consideration, no? Is there any country on earth where the government altering timing of something for political convenience would be surprising?

    The rest of this story is hilariously egregious. The part about the government discussing its own best interests and acting in them is the least abnormal thing here.

  • Bailing out Europe when the US is the cause of so many troubles in the Middle East (and not only that, or at least contributed to it) is deeply ironic.

    • The US has vetoed ceasefire calls in the UN Security Council which European countries have been in favour of (or at least abstained).

      Yes, Europe benefits from the strait more than the US, but it isn't Europe's mess in the first place.


  • How was it verified?

    • It's been acknowledged by the government that this happened. They aren't denying anything, and are saying it was just a mistake. From WSJ:

      > House Speaker Mike Johnson (R., La.) dismissed questions about whether Waltz should face consequences for discussing the Yemen operation on an unclassified chat group that included a journalist. “Clearly I think the administration has acknowledged it was a mistake and they’ll tighten up and make sure it doesn’t happen again.”

      https://www.wsj.com/politics/national-security/trump-us-war-...


    • By the bombings taking place at the time specified and the government verifying that someone was indeed added to a chat mistakenly.

    • https://x.com/JenGriffinFNC/status/1904221405618577650

      > [National Security Council] statement: "At this time, the message thread that was reported appears to be authentic, and we are reviewing how an inadvertent number was added to the chain. The thread is a demonstration of the deep and thoughtful policy coordination between senior officials. The ongoing success of the Houthi operation demonstrates that there were no threats to our servicemembers or our national security." - NSC Spokesman Brian Hughes

      And from the article, practical verification:

      > According to the lengthy Hegseth text, the first detonations in Yemen would be felt two hours hence, at 1:45 p.m. eastern time. So I waited in my car in a supermarket parking lot. If this Signal chat was real, I reasoned, Houthi targets would soon be bombed. At about 1:55, I checked X and searched Yemen. Explosions were then being heard across Sanaa, the capital city.

      And today, confirmation from Trump:

      https://www.nbcnews.com/politics/white-house/trump-stands-na...

      > "Michael Waltz has learned a lesson, and he’s a good man," Trump said Tuesday in a phone interview with NBC News.

      > When asked what he was told about how Goldberg came to be added to the Signal chat, Trump said, “It was one of Michael’s people on the phone. A staffer had his number on there.”

Well, this is distressing.

Question: how many people here who are concerned about this behavior have actually contacted their senators or representatives to voice an opinion on this?

I wonder whether the phones and software used were certified for discussing such sensitive issues and if there are risks of leaking the data because of this.

304 votes, 75 comments 3 hours after posting and this is already being thrown all the way back to 134 rank on the front page with some 2-3 day old posts. This is very clearly hacker news: a case of opsec slipup in easily the worst fashion coming straight from the SecDef (or one representing the SecDef). A shame it is probably getting flamed and downvoted over partisan reasons, although I know there are many conservatives here who probably don't enjoy these constant leopards eating face moments they've unleashed and am not surprised they'd be acting out and flagging embarrassing posts.

  • People often flag politics-related posts because the comments are invariably of low quality. The interesting discussion is generally about technical issues, but that is usually overwhelmed by political opinions. This happens on both sides of the spectrum.

    There are lots of other places to discuss politics.

  • this site has some governors in place to prevent a flood of low quality engagement. If things rise too fast, they get pushed down a little and cool off and rise back up. No great conspiracy as I found this thread at the top of HN a day later.

  • >A shame it is probably getting flamed and downvoted over partisan reasons

    Is this the forum for this type of news?

    https://news.ycombinator.com/newsguidelines.html...

      On-Topic: Anything that good hackers would find interesting. That includes more than hacking and startups. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual curiosity.
    
      Off-Topic: Most stories about politics, or crime, or sports, or celebrities, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably off-topic.

I mean I'm not shocked by either the fact this happened or the content. It portrays the staff exactly as I would imagine them.

Tho I still find it kinda amusing that this is the final proof that the average security-invested Joe has better opsec than the highest-ranking US gov officials.

How exactly do you accidentally add a reporter to a signal group chat ...? That's a pretty bizarre sequence of events if it's actually what happened isn't it?

  • The most popular theory is that he has the same initials as someone else. Notice that most of their usernames were just their initials.

>"The Houthi-run Yemeni health ministry reported that at least 53 people were killed in the strikes, a number that has not been independently verified."

weird chat, surprised Waltz was active in planning strikes. 18 confidantes - closer knit cabinet from internal coms. was under the impression that signal log was leaked to emulate Spinoza's excommunication decree.

Relatively minor side point, but still: for people who chastise "European freeloading", it's interesting to note that none of Signal group's members' usernames have the badge Signal gives users who pay for the service. Users like me, from Europe. Sure, they might all be paying but have opted out, but let's be honest that's unlikely.

Jeffrey Goldberg mentioned in an interview with MSNBC his Signal Alias was "JG." I wonder if JD Vance goes by JD?

> Waltz set some of the messages in the Signal group to disappear after one week, and some after four. That raises questions about whether the officials may have violated federal records law: Text messages about official acts are considered records that should be preserved.

I suspect that this was the point of their using Signal, to avoid preservation of records.

  • The DoD or Pentagon don’t have their own messaging apps? Maybe our government doesn’t spend enough on tech. To me this is the same as if this were happening on Zoom or Discord, since these are not exactly world war level apps.

    Finally, the echoes of Dr Strangelove are strong with this one. A veritable board room of talking heads that don’t ever really talk about life or death, but just the material numbers of raw commerce or messaging (deterrence) .

    • Of course they do, but you can't set official government apps to illegally delete messages after a week.

      Edit: Seems like they are supposed to use Microsoft Teams https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-.... Also -

      > When mission needs or the effective conduct of DoD business cannot be adequately supported by Microsoft Teams Chat, SMS texting may be used in accordance with DoDI 8170.01. In such cases, a complete copy of the record must be forwarded to an official DoD electronic messaging account of the user within 20 days of the record's original creation or transmission in accordance with Section 2911 of Title 44 U.S.C, and Component processes. The complete copy of the record includes the content of the message and required metadata, and the record must be retrievable and usable in compliance with the applicable retention schedule approved by the Archivist of the United States. DoD Component heads shall ensure that DoD users are provided guidance on their Component's processes for forwarding complete copies of records originating in SMS texts.


    • They do, and they are certified for this kind of communication.

      Is Signal even FedRAMP? I don't think it is.

  • So much for 'the most transparent administration in history', not that I bought into that claim in the first place. Seems like a violation of multiple public record-keeping laws.

    • "But her e-mails."

      > It’s best to understand that fascists see hypocrisy as a virtue. It’s how they signal that the things they are doing to people were never meant to be equally applied.

      > It’s not an inconsistency. It’s very consistent to the only true fascist value, which is domination.

      > It’s very important to understand, fascists don’t just see hypocrisy as a necessary evil or an unintended side-effect.

      > It’s the purpose. The ability to enjoy yourself the thing you’re able to deny others, because you dominate, is the whole point.

      > For fascists, hypocrisy is a great virtue — the greatest.

      * https://mastodon.social/@JuliusGoat/109551955251655267


    • Hahaha...it has always been a farce, just like Twitter and Musk are for free speech and DOGE is about transparency.

    • But they are extremely transparent. All of their actions are clearly in furtherance of corruption, stealing, and helping Russia (and China) destroy the United States.

      Unfortunately we also live in the time with the largest mass media consumption (social media), all but guaranteeing their followers keep rationalizing their actions with a litany of talking points rather than understanding straightforward criticism said by someone on the "other" team.


    • Wait, you’re saying the Trump administration might be breaking a rule? Pretty wild accusation

  • The obvious follow up is what else do they illegally delete?

    If they’re doing it so blatantly to plan for attacks that will eventually be public, contain no conspiracies or illegal activity, and will be used to dunk on Biden, then what else are they automatically deleting?

    Plus, if China/Russia/Iran/NK weren’t targeting US officials phones and Signal, now they certainly are.

The funny thing is I heard the head of the CIA testify today and say they use Signal because it is E2E encrypted. Are they that confident that no other country like China can crack those? I sure hope our intelligence officers are using better systems than effing Signal

Is it wild that a 3rd party app like Signal is used for this type of communication? I feel like that's crazy.

  • From the story:

    I have never seen a breach quite like this. It is not uncommon for national-security officials to communicate on Signal. But the app is used primarily for meeting planning and other logistical matters—not for detailed and highly confidential discussions of a pending military action. And, of course, I’ve never heard of an instance in which a journalist has been invited to such a discussion.

    Conceivably, Waltz, by coordinating a national-security-related action over Signal, may have violated several provisions of the Espionage Act, which governs the handling of “national defense” information, according to several national-security lawyers interviewed by my colleague Shane Harris for this story. Harris asked them to consider a hypothetical scenario in which a senior U.S. official creates a Signal thread for the express purpose of sharing information with Cabinet officials about an active military operation. He did not show them the actual Signal messages or tell them specifically what had occurred.

    All of these lawyers said that a U.S. official should not establish a Signal thread in the first place. Information about an active operation would presumably fit the law’s definition of “national defense” information. The Signal app is not approved by the government for sharing classified information.

    • If you want to put a tinfoil hat on, one could argue external state actors could have convinced the Trump admin their provided forms of communication are tapped, so they should consider alternatives. Such a state actor would know the alternatives are compromised well in advance by them.


  • Yes, it is illegal (because of the auto-deleting messages) and explicitly against the rules that every one of these people mandates for their own employees. All of them know that federal records must be preserved, and you have to manually turn on Signal's auto-deletion feature, so this is obviously intentional criminal activity.

    • Early on they fired the national archivist, and deputy archivist.

      If what you're doing isn't wrong, why not record all of it for history?

  • Yes.

    When you get a clearance, it is inculcated upon you that you absolutely do not leak cleared information. If you THINK something is cleared, it's best to treat it like it is.

    It's possible that there is some 10D chess happening here, but I wouldn't expect details like this to be approved for apps like Signal.

    • Can we stop with the nth-D chess nonsense? This administration proves day by day that no advanced tactics are going on, it’s literally just clueless idiots improvising because they’re way out of their league but are too self-absorbed to step back.

  • No worries. DNI was in the chat room. Also we have no idea nor can we know if this is the first use of Signal by this or other administrations. We only know because someone goofed up.

    So, let me say the quiet part aloud, the presence of DNI & NSC heavies indicates to me that Signal is possibly not really a "3rd party".

Who really believes this isn't an intentional "leak"?

  • To what end? To gain a casus belli for a terminal crackdown on the "woke" press?

    I mean, if something is imaginable, there's a chance it is indeed so, but still - this would be on a whole other level.

Isn't there some new agency offering tech support? Can't they focus on helping the Pentagon to sort out some internal secure messaging with strict ACL?

Legality is certainly not just to do with breaking rules; this is more true the further up in the hierarchy you are.

Why don't we see appropriate questions? Like how was the number added accidentally? It would have had to be in the contacts already? Was it? That seems highly unlikely. It's the ATLANTIC! Why would they have the Atlantic in their contacts.

And Signal is not an approved app afaik.

The whole thing just seems like it is highly likely it is fake/engineered.

  • You find it implausible that someone highly placed in the government would have the editor of a major news publication in their contacts?

Colossal fuckup on many levels. Heads should roll. This kind of thing puts people in our military service at undue risk.

Indirect strong hint:

Signal is uncompromised.

…at least at the moment.

Or of course, that’s what they want you to think :D

> The Signal chat group, I concluded, was almost certainly real. Having come to this realization, one that seemed nearly impossible only hours before, I removed myself from the Signal group

Why? Why not stay in the group indefinitely (or until found) and write stories sourced from a mysterious individual deep in the entrails of the Trump administration? That would have been absolutely spectacular and could have resulted in a hilarious purge while the culprits searched in vain for a traitor in their ranks.

  • Are you suggesting he knowingly convert into a hacker and get prosecuted as a traitor?

    He exited and correctly disclosed himself as a victim of being unknowingly added. This is exactly what anyone who values the rest of their life should do.

Having people preaching the glorious benefits of a meritocracy and how this White House is gonna spearhead it all while these geniuses break the law and operational security the dumbest way possible is simply amazing.

After reflecting on this for a day, it seems the best case scenario is Waltz decided to blow the whistle on a bunch of useful idiots.

Most likely scenario he decided to blow the whistle on a bunch of traitors.

It seems least likely that the journalist was accidentally included. The question is why? Seems like our defense personnel are now foreign agents acting against the US.

<tangent opening line of my comment> From people on Reddit: Something that blows my mind- but is fully true "Hell, I've been in fucking EVE Online alliances that had better opsec than this." "I'll raise you one: I've never been in any EVE alliance that didn't have better opsec than this."

..I noted Board Games(Secret Hitler, for example) require better opsec. So do card games- it's mindblowing to note this too...

[Main comment by me - technical outlook] This is not a surprise at all- there were reports that the first Trump administration was using Signal to communicate, and that it was a risk as messages can be totally wiped and not kept for records keeping.

-From an infosec standpoint- this is more notable than I think people are giving it credit- the fact that the Vice President(Well, maybe not him, he notably admitted in interviews during the presidential campaign, that he'd been briefed by three letter agencies on Salt Typhoon targeting him, but that he was secure because he used Signal) - the director of national intelligence- and several others- use Signal.

It's one thing for Congress, Sweden's Military, and apparently our own military branches to push Signal heavily for non-sensitive stuff-

But when those around three letter agencies -and the groups that would be interested in finding compromises- are using it, that screams to me that it's considered not that easy to attack- which is a point towards Signal

So then the final thing to secure are the endpoints- and of course the risk is a zero day exploit targeting someone. As for subtle push app updates by Signal themselves being a vector- I'd think the Open Source nature of the app prevents that - if the infrastructure for pushing updates is open source as well especially.

Again though- if the White House is using Signal- they likely KNOW most of what their own Three Letter agencies can and can't do(to a point)- so when people in the know are using it- that is telling.

A lot of it may be for the auto disappearing messages, admittedly- but that's notable. And yes, I'm aware Mark Zuckerberg has been known to move conversations off of WhatsApp, to Signal - again, maybe for the disappearing messages(and lack of a report function which would send part of a convo to FB/Meta to my understanding)- but possibly, for the security and lack of meta data being better from an attack surface standpoint

  • Even if we are generous and assume Signal's protocols and entire communication infrastructure are 100% safe and cannot be compromised, any one single person in the group chat using Signal on a compromised device invalidates all of that.

    The fact that Signal was used is less concerning to me personally than the fact that they had this group chat outside of the overall safety umbrella of fully end-to-end vetted systems.

    Though the use of Signal is still concerning in that any official system they would otherwise use would have (one would hope) made it far harder if not impossible to accidentally leak the conversation to a random third party.

    • This is true absolutely

      One would hope indeed- I do wonder on that ......

      There's another observation though- Salt Typhoon compromised wiretap infrastructure - before Signal, there's no doubt some stuff like this occurred over text messages- Because of everyone's efforts to go to Signal- even if it's for the message disappearing- with this, with military branches pushing it hard- with Sweden's Military pushing it, etc(for non sensitive stuff)- there's so much of that, that the attack surface overall is massively reduced. In short, if there's going to be stuff outside of vetted systems- running that sort of stuff on Signal- likely still helps. (I'm reminded again, of the JD Vance interviews where he let slip that he'd been targeted, and was informed about it by agencies- but that he was good because of his Signal usage. Now, I don't know what measures he takes to avoid zero day exploits and whatnot- the TLAs would inform him of that- but from what he was saying, it sounds like they were sure he wasn't compromised by that.)

      (I'm aware a serious targeted effort would be more intricate than Salt Typhoon/ Trying to use the country's own general Wire tapping capability to target the VP)

      Edit: Also, this reveals a bit about psyche- J.D.Vance somewhat ribbed the president- there is probably pressure TO use Signal, so a record of him criticizing the President can't be found out by the President or those more allied with the President who could then start retribution- I imagine dynamics like that, which are human behavior- ultimately are what absolutely drive all of this.

  • It's not that secure. If someone has a desktop Signal client it has been possible to just access attachments via the file system; they were stored with obfuscated names but no encryption. They may have fixed this since I tested it ~6 months ago.

  • > A lot of it may be for the auto disappearing messages,

    except that the conversation in question, and similar such conversations, are required by federal law to be archived.

    So explicitly choosing a communication channel that violates federal law for conducting federal business is, umm, sketchy?

  • ><tangent opening line of my comment> From people on Reddit: Something that blows my mind- but is fully true "Hell, I've been in fucking EVE Online alliances that had better opsec than this." "I'll raise you one: I've never been in any EVE alliance that didn't have better opsec than this."

    That is some seriously selective memory

    https://old.reddit.com/r/Eve/comments/4cdmmc/wtf_is_going_on...

    https://old.reddit.com/r/Eve/comments/4dvoj5/sma_diplosleade...

    https://old.reddit.com/r/Eve/comments/4f3epd/a_different_kin...

    And here's some more recent ones

    https://old.reddit.com/r/Eve/comments/1f6t1vw/your_relays_ar...

    https://old.reddit.com/r/Eve/comments/1g3p232/alcoholic_sata...

    Major alliance infrastructure and security is probably better than most US corporations but doesn't come close to secure government systems, obviously

    • AI spotted those comments on reddit- note: those were not my words about Eve(which I'm unfamiliar with!)

      Point taken though, the commenters who said that were ...obviously..anecdotal, -though possibly still more the norm...)

Staggering display of incompetence and carelessness. And unfortunately, one that we’re unlikely to get much transparency about, in terms of how such an operational screwup was allowed to happen.

> At 11:44 a.m., the account labeled “Pete Hegseth” posted in Signal a “TEAM UPDATE.” I will not quote from this update, or from certain other subsequent texts. The information contained in them, if they had been read by an adversary of the United States, could conceivably have been used to harm American military and intelligence personnel, particularly in the broader Middle East, Central Command’s area of responsibility. What I will say, in order to illustrate the shocking recklessness of this Signal conversation, is that the Hegseth post contained operational details of forthcoming strikes on Yemen, including information about targets, weapons the U.S. would be deploying, and attack sequencing.

> …The Signal chat group, I concluded, was almost certainly real. Having come to this realization, one that seemed nearly impossible only hours before, I removed myself from the Signal group, understanding that this would trigger an automatic notification to the group’s creator, “Michael Waltz,” that I had left. No one in the chat had seemed to notice that I was there. And I received no subsequent questions about why I left—or, more to the point, who I was

> In his text detailing aspects of the forthcoming attack on Houthi targets, Hegseth wrote to the group—which, at the time, included me—“We are currently clean on OPSEC.”

Simply incredible. This is wild.

This is bad news for entire genres of books, TV shows and movies that are based on the supreme competence, sophistication and wealth of the Pentagon, NSA and CIA.

Turns out US military strategy is the same as me and my mates setting up a bar date.

It's a disturbing leak in itself but I take issue with the journalist obsessing over the tool of choice whilst ignoring the actual strategizing.

The casual way in which a mass murder is planned. The emphasis on "messaging" and how to spin this on Biden and Europe. The teenage-like emojis to celebrate acts of war.

This administration looks bad from the outside but through this leak we can see that their shocking press moments are still the polished and spun versions of a reality that is far more sick.

  • Film and tv are safe, this was done by political appointees. The civil servants (you know, the "deep state") are much better about it because it's their job.

  • > Turns out US military strategy is the same as me and my mates setting up a bar date.

    Typically these positions are filled by highly qualified people with decades of experience.

    This administration is not typical. They deliberately chose inexperienced people who would be loyal above all else.

    Selecting for incompetence was part of the plan, and it’s been obvious from the start.

    Hegseth was a Fox News host, not someone qualified for this position.

    This story is stranger than fiction.

  • The most excellent steak can be ruined by an amateur chef easily.

    I agree with your point on the spin, although I wonder if the Signal angle is the only thing even republicans can agree with to be kinda bad, given that even the most egregious reports on the current administration don’t really cause as much as a raised brow there. So to make it a story that doesn’t just resonate in the liberal echo chamber, include something despicable to both camps.

  • > on the supreme competence, sophistication and wealth of the Pentagon, NSA and CIA.

    Agencies with no oversight are seen as competent? That's news to me. There's a definite waste of taxpayer dollars on propaganda to try to make this point publicly but I didn't think anyone was poorly educated enough to actually believe it.

    • Sorry, are you claiming that the United States intelligence community is incompetent and that anyone who thinks otherwise is poorly educated?

      What are you basing this on?

A normal govvie sending cleared materials to unapproved recipients over unapproved channels? 20 years in federal prison.

A govvie with status doing the same? A slap on the wrist.

Embarrassing.

  • Yeah, the next time I have to submit a SAAR form for military network access, and they request my Information Awareness Annual Training certification as an attachment, it's going to be hard to not laugh in their face. We were getting scolded about "not even searching the 'Net for the content of the Teixeira leaks because possessing classified info could be prosecuted" and these guys are discussing upcoming strike packages in their Signal chat? Un-fucking-real.

  • Basically confirming what we knew all along that it is security theater. IMO we should keep the nukes & drone force to secure the borders and make sure that these are competent to maintain security.

    But the rest of the military/DOD/ABCD/USAID is legacy bloat left over from the cold war and should be cut. Then we can finally get rid of the income tax for most if not all of the country.

    Edit: I say this as an independent who does not support either "side".

That is absolutely wild. How is this not on the front page?

  • To what end? How is this newsworthy any more? It has the President's blessing - that's all you need now.

    If literally storming your government building, threatening your representatives and injuring police officers isn't punishable any more what is?

  • HN front page is curated manually.

    • I don't believe your statement is accurate.

      [Edit: I interpreted "curated manually" to mean that dang picks each story that is on the front page. tptacek interpreted it to mean that, since users upvote and comment on stories, that's "manual curation". I interpret that as being "automatic curation", that is, an algorithm picks the front page stories, even though it's based on users' upvotes and comments. I cannot prove which of these two forms belter meant. Naturally, I prefer to think that it was the one I read it as, but I can squint hard enough to see tptacek's version.]

This would be unbelievable in a normal administration. The combination of flagrant lawbreaking and incompetence is just so characteristic of these clowns.

No, nothing in the Clinton email scandal comes close to cabinet secretaries accidentally real-time texting imminent war plans to journalists using a non-governmental system with auto-deleting messages.

This is an insane story demonstrating extraordinary incompetence, not to mention revealing some rather comical beliefs about American exceptionalism.

It's on the bottom of the third page, pushed down by flags. During any other administration, such a disastrously, criminally incompetent use of technology would have been top of the front page for days, but this administration is so cosmically incompetent that pointing it out is "partisan" now. Everyone is just tired of people commenting on the fact that this criminal bunch of Fox News host miscreants clearly have zero idea what they're doing.

Also...but her emails!

Who do you think will sponsor the Egg roll? They just need to move the Tesla infomercial out of the way, and maybe Trump can feature some of his garbage shitcoin crypto.

Jesus Christ. What a fallen idiocracy.

In the banking world, employees have been fined significant sums, or even forced from their jobs [0], for unauthorized use of messaging platforms. And here, it's barely a shrug. Unbelievable.

[0] https://www.reuters.com/business/finance/morgan-stanley-hit-...

  • In the government world, people have been jailed for it. Not people so directly connected to a president, though.

    • Laws no longer apply to them - laws bound people below. If you're interested what will follow, look into Russia or Hungary.

  • It's not unauthorized use of Signal;

    "Government officials have used Signal for organizational correspondence, such as scheduling sensitive meetings, but in the Biden administration, people who had permission to download it on their White House-issued phones were instructed to use the app sparingly, according to a former national security official who served in the administration."

    https://www.pbs.org/newshour/nation/heres-what-to-know-about...

    • It absolutely is an unauthorized use. Authorized use is "let's go to lunch". This was "let's bomb these people at this time".

      Big difference.

    • Let's assume for the moment that the discussion of military plans on Signal was covered by this policy. That's debatable as others have said. Other parts of that policy would seem to suggest this kind of conversation is expressly forbidden on Signal and similar unofficial chat apps, while other less sensitive conversations are permitted.

      How does that excuse the lack of attention and validation that resulted in an unintended party being added to the chat?

      Regardless of Signal usage policy, that is a massive fuck up.

    • Did you read the article? Signal is not approved for this kind of communication and has long been advised against. They also had messages set to autodelete which violates the records act. It's blatantly illegal

    • It's too bad that this is being downvoted - swiftymon is trying to provide some context. It's useful to the discussion and well sourced. I'd love to read counterarguments rather than have this fade away :)

It’s actually kind of a relief to at least confirm that these cronies would work like this. I.e. whatever they have in store they will probably end up shooting themselves in the foot.

Well, themselves and the 53 humans who were blown up in a distant country by Star War technology.

Actually, now that I think about it, no - this is terrifying and awful and just so so so stupid.

Even worse, Trump wasn't aware of this leak (or denies knowledge of it) until questioned at a press conference earlier today. And instead of promising an investigation, the best he can do is throw some weak insults at The Atlantic.

BUTTERY MALES indeed.

  • > Trump wasn't aware of this leak (or denies knowledge of it) until questioned at a press conference earlier today.

    Trump routinely denies knowledge of things he doesn't want to talk about, even things that he has previously demonstrated knowledge about. It's a standard deflection that he never gets called out on or significant pushback on the implications of his claimed lack of knowledge, so he keeps doing it.

    • Well I think it's very common for representatives to not directly reply after a certain incident, because they don't have all the details yet and they want to take time to form a proper response. Don't see how this is specific to Trump.

    • To circumlocute his habitual evasion, try offering an active phrasing: “Do you have a replacement in mind for Secretary Hegseth?” would be one way to prevent the passive-aggressive “I don’t really know Peter B. Hegseth”. When Trump “doesn’t know” someone, it’s a very final thing.

  • By the revealed content of the chat, Trump wasn't aware of the decision his subordinates made. They just intuited Trump's wishes and dropped bombs based on that.

[flagged]

[flagged]

  • No, this isn't just about Hegseth. Any of the people on the chat could and should have said...

    * Signal isn't an approved communications method for national security information at all.

    * Who is this extra person on this chat? (and Hegseth wasn't even the one who added him apparently.)

    * Having the only record [1] of this be auto deleting definitively violates the Federal Records Act (even if Signal were an approved platform).

    This is about group malfeasance and normalization of deviance.

    [1] I don't know that part for certain, but I do suspect it...

The level of incompetence in this administration is laughable — well it would be if it wasn’t so sad

seems like a UI design failure

  • UI could be considered a failure if we were talking about casual gossip. Particular UI shouldn't be the issue because the App was not supposed to be used for this. These should be professionals. Issue was between keyboard and chair.

This Yemen situation is quite interesting. In 1948 nobody could have conceived a situation in which white people wouldn't be running the world, Dutch people were still religious and public opinion was pro Israel. Hopefully when the last boomers die we can finally extricate ourselves from this self imposed fuck up.

It would be interesting and valuable to have additional security controls in Signal group chats. It's frustrating that the platform is so feature limited.

  • Can you expand on what you'd like to see?

    • Some layer of ACL and better controls over group membership and message visibility. In this case, if it were an inadvertent added member, then there could be a group/role level restrictions on channels that restrict members from a pool of approved members depending on the security context. Classic security stuff, really. I'm sure others could think of more interesting use cases, but preventing mistaken group adds feels like low-hanging fruit.

Could've been a setup to get The Atlantic to leak government secrets...

  • But the backfire is catastrophic: every leaker in DoD can now claim as a defense that their leak must be a political appointee up there attaching docs to now-expunged Signal chats. That is now both Occam and Bayes rational.

  • I don't think you deserve the downvotes considering that would be very in character for this administration. That said, it does not seem plausible considering the number of officials they'd have to incriminate to burn Goldberg, not to mention the airing of so much dirty laundry. Seems like a better plan would be to go to him directly with a phony leaker.

Amazing that with H.N.'s doctrinaire application of the exact original title rule, this is the title that the mods chose to editorialize.

  • HN has no "doctrinaire" rule about exact original titles. The rule is this: "Please use the original title, unless it is misleading or linkbait; don't editorialize." - https://news.ycombinator.com/newsguidelines.html. Note that word "unless". Since the original title was linkbaity, I replaced it in accordance with the rule.

    That's not editorializing, because it's using the article's own language and is a more accurate and neutral description of the article. Editorializing is when a submitter takes advantage of the title field to convey their own view of an article.

  • Remember: every comment on here is implicitly directed to dang, and every link is implicitly approved of by dang.

    This is really his website at this point. The rules are mainly just his tools for shaping the content of discussions and submissions to his liking.

    A decade ago it was different. I mean, he was still way overbearing and biased, but I don’t think it really had the same power-steering effect on the shapes of discussions as it does today. Over time, this is where we’ve come to.

    • Oh you guys. If HN were to my liking, I promise you it would be an entirely different place.

      Suppressing my own like/dislike responses is where most of my energy goes when doing this job.

    • I happen to know first hand that the thread is not going quite to dang's liking at the moment. I'm hoping it improves, but people are having a hard time sticking to the technical and security aspects.

    • Thank you for proving that other HN members can call out bad HN policies and the way it's applied by its de-facto leader. N-gate died far too soon.

This was such a weird news story to read. At least they used Signal? That's gotta be a plus at some level.

Unrelated, but I wonder how the gray hat market for Signal vulns is doing now?

  • How is that a plus? Maybe vs plain old SMS...

    But, it's a flagrant leak of classified info. Using a medium explicitly prohibited by policy. And likely now lost to time (Signal messages can be configured to auto-delete on a timer), when all of this sort of correspondence is legally required to be retained.

  • Signal is primarily for end-to-end encryption.

    If a device has been compromised, the database can be extracted with all messages and contacts

  • The basic Signal vulnerability even if the protocol is perfectly sound is that they can push effectively silent automatic app updates to do whatever. Presumably they didn't want to sign up for this but that's how app distribution works nowadays, and it's certainly not fit for classified information.

How can we know this group chat was really comprised of government officials and not some bored teenagers? Signal allows you to set your profile name to anything you like.

  • From the article:

    > Brian Hughes, the spokesman for the National Security Council, responded two hours later, confirming the veracity of the Signal group. “This appears to be an authentic message chain, and we are reviewing how an inadvertent number was added to the chain,”

  • Watch the Senate Intelligence Committee hearing from earlier today. You can hear one of the participants in that chat acknowledge that he's in it and it's real in response to the questions of committee members.

    This is not in question, at all.

    • The natural and insider language of the chat, and (especially) the perfect timing of the strikes with the planning in the thread, also make it extremely unlikely this was anything but a genuine conversation, even without confirmation. The alternative is a combination of a very-prepared fraudster with either their own source of privileged information (to get the timing right) or else an incredible coincidence such that their entirely fake and uninformed planning matched the timing set out in the real planning. That it was genuine is far, far more likely than either of those (one of which raises its own, different security concerns, anyway)

Excuse me folks but is there any evidence that he was really in the group?

Going through the reporting a couple of times it could very well be that he was never part of the group. Screenshots of the group members including him or a screen recording nowhere to see. He didn’t write anything in the group but immediately wrote each individual after he left the group.

If he never was in the group and only received intel about it, the people who provided him with the intel would be able to tell him that critical information was posted in the group, which was accurate, but he wouldn’t have seen it.

One of my takeaways is that "national security secrets" really aren't that important. The Secretary of Defense was in on this. Whatever was in that chat just doesn't matter, except to manage the reporting on it.

I call on Bart Gellman to dump the Snowden document repository he's got. Clearly nothing in it matters, if this was so casually compromised.

  • It only "didn't matter" because the journalist had the good sense to keep quiet until after the operation was complete. And continues to keep some of the conversation secret. Imagine if Hegseth had accidentally CC'ed somebody aligned with Iran?