EDIT: Since I’ve posted this, an English language version of the article has been published. Here is the link. @Mods: please let me know if I should replace it in the URL field as well, I’m going to leave it as is for now.
Article both in German and behind a paywall. I’ve translated the most relevant parts:
Donald Trump’s most important security advisors discussed a military strike via Signal chat. Research by [the German magazine] SPIEGEL now shows that the problem is even bigger. […] Private contact details of US President Donald Trump’s most important security advisors are available on the internet. Research by SPIEGEL revealed mobile numbers, email addresses and, in some cases, passwords.
For the research, information from commercial personal search engines and customer data published online was used. National Security Advisor Mike Waltz, US Intelligence Coordinator Tulsi Gabbard and Secretary of Defense Pete Hegseth are demonstrably affected by the leaks.
Most of the publicly accessible numbers and email addresses are probably still being used by those affected. Some of them are linked to profiles on Instagram and LinkedIn, among others. They were used to create Dropbox accounts and profiles in apps that track running data. There are WhatsApp profiles for the respective phone numbers, and in some cases even Signal accounts. […] It is therefore conceivable that foreign agents were reading along when Gabbard, Waltz and Hegseth discussed a military strike in a Signal chat with others.
Original German text
Donald Trumps wichtigste Sicherheitsberater diskutierten einen Militärschlag per Signal-Chat. SPIEGEL-Recherchen zeigen nun: Das Problem ist noch größer. Private Kontaktdaten der wichtigsten Sicherheitsberater von US-Präsident Donald Trump sind im Internet einsehbar. Recherchen des SPIEGEL förderten Mobilnummern, Mail-Adressen und teilweise Passwörter zutage.
Für die Recherche wurden Informationen aus kommerziellen Personen-Suchmaschinen sowie im Netz veröffentlichte Kundendaten genutzt. Betroffen von den Leaks sind nachweislich der Nationale Sicherheitsberater Mike Waltz, US-Geheimdienstkoordinatorin Tulsi Gabbard und Verteidigungsminister Pete Hegseth.
Die meisten der öffentlich abrufbaren Nummern und Mail-Adressen werden von den Betroffenen wohl immer noch genutzt. Sie sind teilweise mit Profilen unter anderem bei Instagram und LinkedIn verbunden. Mit ihnen wurden Dropbox-Accounts und Profile in Apps angelegt, die Laufdaten tracken. Es finden sich zu den jeweiligen Telefonnummern WhatsApp-Profile, teilweise sogar Signal-Accounts. […] Es ist daher denkbar, dass ausländische Agenten mitlasen, als Gabbard, Waltz und Hegseth in einem Signal-Chat mit anderen einen Militärschlag besprachen.
So…not to be dramatic or anything, but this sounds really fucking bad.
They’re human. All sorts of people have personal accounts compromised, they don’t need flak for that.
What’s bonkers is that they are using at least some of it, casually, for sensitive professional talk. If you are anyone close to this position, you do whatever the heck security tells you without question, and it’s not over public Signal or Dropbox accounts.
An analogy is trying not to get sick. Sure, people try their best in their personal lives. No one is perfect. But you would act very differently in, say, a CDC lab working on Ebola. This would be like someone walking out with a Petri dish splattered all over their suit, and shrugging when someone with an accent scrapes it off your suit. It just screams “I have no regard for this institution’s protocol or the consequences.”
…But it’s worse than that. Like, I cannot describe the billions spent on even slightly influencing or penetrating these people’s spaces, and it turns out they are operating like your boomer grandparents, apparently ignoring the direct instructions of the largest security institution on the planet like they know better.
Maybe I am naive, but I would think that looking for compromises on personal accounts would be part of a security on-boarding process. Even if they don’t discuss sensitive information on their personal accounts. If for instance a foreign agent gets to read them sexting their affairs that creates quite some blackmail material.
I assure you you’re not naive. They didn’t do background checks or security onboarding for the cabinet “because it would take too long”.
This kind of thing used to be a big deal. There were some kind of exotic custom-hardened Blackberries that the top people got as their personal devices, specifically so the national security apparatus could have some kind of a prayer of keeping them secure against this stuff.
Being in an office like the US president is weird. You’re kind of the boss, but you’re also kind of an employee. Your employer gives you tons of restrictions some of which really are pretty irritating or restrictive, but it’s for a good reason. It’s a big deal. The kind of responsibility you carry is so globe-spanning that some of your personal preferences go straight to the back of the line. Of course, that was all when the system is functioning properly and keeping us safe from violent adversaries. Now the people in charge are violent, corrupt morons who are openly in league with our adversaries. Why would they be trying to keep us safe from them, even if they even could grasp the issues involved? Where that all might lead is pretty hard to say but it’s for fucking sure not good.
I think it’s about respect as much as convenience.
If security guys told Biden, or Bush, or maybe even 2016 Trump he had to do something, he’d nod his head and do it.
Now? They don’t trust them. They actively rejected protocols and norms when transitioning because they didn’t trust the Biden government. They very explicitly don’t trust the US Intelligence community. They don’t trust scientific institutions or other parties in their own government.
That’s different than being corrupt. That’s drinking the kool aid of a very toxic information environment, and I think that’s even more dangerous, as it compromises their own incentives for survival.
This is just a small example of that.
Yeah. When you’ve been handed free wins all your life, it’s genuinely confusing to you when someone talks about it being important to play smart. “No, we just do whatever we want and win anyway. That’s how it works.” Until it doesn’t…
Yes of course. Trying to dig up people’s skeletons before spies do has been happening way before the internet, and I would have assumed the government would have tried to “sweep” their personal accounts for vulnerabilities.
But… well, there were some warning signs of resistance to this just after the election:
https://www.axios.com/2024/11/26/trump-transition-white-house
They don’t trust the institutions they run.
I think your Ebola analogy is apt. These are the people who killed USAID and foreign medical aid during the start of an Ebola outbreak, ignoring the pleas of the CDC. These are the people that appointed RFK Jr.
In other words, they put just as much care into not getting sick.
Not to sound alarmist or anything, but this is quite possibly the worst thing in history for US intelligence, so far.
Just think, how many accounts do you reuse your password for? How many of those are 2fa? Now take all that, wrap it up in an alcoholic, and now you’ve got the opsec of a toddler.
toddlers actually have weirdly good opsec. they couldn’t tell you their passwords if they tried.
what if the password is “dadabladababada”?
what do you think the odds of them accurately saying that whole thing on purpose are? I think they are not.
and I think no matter what language, they’re bound to just be missing entire phonemes.
I would be very surprised if any of these idiots even know what 2FA is, let alone use it.
Pretty much everyone has compromised accounts/passwords because websites keep getting hacked. You can go to haveibeenpwned.com and look up your own.
That said, it’s also why you shouldn’t be using the public Internet for classified information.
also why you should use good passwords and not reuse them
SIPRnet
An absolute gong show
I’m hoping they can dig up more dirt on the Russian sympathy.
When you decide to start buying fertilizer from an enemy of the United States over a longtime ally and partner, this is all the red flags you need.
At what stage should we be at in terms of beginning to think about maybe starting to worry?
November 6th 2024
You misspelled 2016.
You’re a little late for that
no. I really wish journalists would stop whistleblowing this shit, and start handing this off to people who could get these bastards in line or handling these bastards themselves.
It’s public, it’s handed off to everyone :)
bystander effect, coventry problem.
once it’s exposed and they know everyone knows, it becomes a lot less useful. can’t be used for blackmail (it wouldn’t have worked to release it, but they didn’t know that before it dropped), can’t be used covertly to undercut the actions. that’s kind of the coventry problem.
Who would that be in this case?
i have no fucking clue. like, irish or french intelligence, depending on your sympathies? so they could be brought back roughly in line? or someone could use it covertly? maybe cuban or mexican if you want to go chaos mode? I figure those’re all closer to the interests of the people who live here than… this.
OPSEC 100% clean!
👊🇺🇸🔥
Powerful start!
The only thing cleaner is his conscience /s
It is therefore conceivable that foreign agents were reading along when Gabbard, Waltz and Hegseth discussed a military strike in a Signal chat with others.
It is guaranteed that foreign agents were reading along. 1,000% guaranteed. Probably most if not all of their personal devices are compromised, the E2EE aspect doesn’t even matter.
Infosec in the modern computing ecosystem against skilled and well-resourced adversaries is very very hard, even when you’re trying, and this bunch isn’t trying and wouldn’t be good at it if they were.
One of the participants was IN FUCKING MOSCOW AT THE TIME! It is a guarantee that Russia, at the bare minimum, was reading it first hand holding the phone of a participant.
Maybe we can subpoena chinese intelligence officials to get some straight answers on this.
Thank you, I’ve added it to my post
What a bunch of fucking vulnerable idiots. No big deal, just nuclear arms in the hands of the types who don’t know how to turn on their computers.
Guys, I’m starting to wonder if trump and his cabinet are, y’know, outrageously fucking stupid.
This level of stupid can only be intentional, tho right? Need to come up with some type of unprecedentedly stupid award before more new records are set quick!
Hegseth would never let someone else hold his beer.
Another day, another woopsie doopsie.
Write with large letters in the White House. New slogan. “Stultitia et imperitia”. Sounds good.
Stultitia et imperitivae = stupidity and ignorance. Couldn’t agree more with the spirit of this post.
Imperitia is correct in this context.
Sorry, I wasn’t trying to correct anyone, I had to look this up and that’s what my translator returned. I’m agreeing that this should be the de facto slogan for the White House (and most of Congress).
Yeah, Latin translators can be quite bad, be very careful with them.
imperitivae is not even a valid word form. It seems to be a mix-up of imperitia (female noun, meaning ignorance) and imperitiva (female adjective meaning commanding) which would not make sense since the sentence requires two nouns. You could say something like stultitia imperitiva which would translate to something like “the commanding stupidity”, but idk how much sense that would really make. It just sounds strange. A better phrase for that would be something like stultitia regentium (the stupidity of the rulers), as in stultitia regentium patriam perdidit (the stupidity of the rulers has destroyed the country).
Imagine the new fascist American regime not even getting off the ground because the fascists are so incredibly incompetent
Sweet lawd let it be so. 🙏
Mr bean does fascism
Unfortunately, fascists don’t need to be competent to be effective. In fact, ignorance plus incompetence can be very dangerous.
Hitler Was Incompetent and Lazy—and His Nazi Government Was an Absolute Clown Show
They are some of the dumbest people imaginable. So there is hope.
We need to bring Rudy Giuliani back as cybersecurity adviser.
Is he still alive?
Doesn’t he work at the Four Seasons garden shop now?
Merit based hires
Great job Senate. They knew they shouldn’t have appointed these complete amateurs, but they were too afraid of being primaried by Trump lackeys.
I’d love an anonymised list of the passwords used, out of sheer curiosity. Just how safe/smart are these people, that are entrusted with running the world’s (currently) most powerful nation?
How many “password1234” or “asdfghjkl” would we find?
Buttery males is why we are here. Donald love buttery males!
Republicans are just fucking morons. Jesus.