Days before a significant security breach, a Pentagon memo warned against using the messaging app Signal. This advisory, dated March 18, highlighted vulnerabilities in the app, particularly concerning its use for unclassified information. The warning came just as top national security officials accidentally included a journalist in a confidential chat about military operations in Yemen.
The memo stated that Russian hacking groups are targeting Signal to spy on sensitive conversations. It emphasized that while third-party messaging apps like Signal can be used for unclassified discussions, they are not approved for handling non-public information. Despite this warning, Defense Secretary Pete Hegseth and other officials used Signal to discuss bombing Houthi sites in Yemen. In a surprising turn of events, Jeffrey Goldberg, an editor at The Atlantic, was mistakenly added to this chat, gaining access to sensitive discussions.
In response to the memo, a Signal spokesperson stated that the company is not aware of any vulnerabilities that haven’t been addressed. The Pentagon memo also mentioned that using insecure channels for classified data, even if deemed minor, could end a military officer’s career.
This incident raises serious questions about the security practices of high-level officials. It’s unusual for leaders in Defense, State, Intelligence, and National Security to share such sensitive information in a known unsecured environment. Previous Department of Defense memos have prohibited mobile apps from being used for controlled unclassified information, which is less sensitive than ongoing military operations.
The implications of this breach are significant. It highlights the risks of using unsecured messaging platforms for discussions that could impact national security. As the situation develops, it will be crucial to see how the Pentagon addresses these vulnerabilities and what measures will be taken to prevent similar incidents in the future.