Just days after senior Trump administration officials — including Secretary of Defense Pete Hegseth — included a journalist in a Signal group chat discussing secret military plans, the Pentagon issued a warning that Russian hackers had cracked the app.
According to the Pentagon advisory, officials should stop using the app, even for sending unclassified information, citing a “vulnerability.”
“A vulnerability has been identified in the Signal messenger application,” the advisory, which was sent out on March 18, said, according to NPR.
The advisory states that “Russian professional hacking groups are employing the ‘linked devices’ feature to spy on encrypted conversations.” It goes on to note that Google has also identified Russian hackers who are targeting “Signal Messenger to spy on persons of interest.”
Signal’s benefit vs other messaging apps is that it is encrypted, and, in theory, should protect its users’ messages from being intercepted by unwanted viewers.
A spokesperson for Signal told the Pentagon that its security has not been broken, but warned that users falling victim to basic phishing attacks could still put their message privacy at risk.
“Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago,” Signal spokesman Jun Harada told the Pentagon.
The Pentagon memo included a note that “third-party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are not approved to process or store non-public unclassified information.”
Hegseth and other Trump administration officials used the app while planning the bombing of Houthi sites earlier in March. Even if Signal’s security is top-notch, it doesn’t stop people included in the group chat who shouldn’t be there from viewing the information — people like the Atlantic’s Jeffrey Goldberg.
In a wild story published earlier this week, Goldberg explained how he was included in the sensitive group chat and watched in real time as the Houthi bombing was planned.
Hegseth denied the incident happened and called Goldberg’s character into question, but the Pentagon confirmed its veracity.
Goldberg told CNN that Hegseth was lying, and said he has not published what he saw because he considered it “too confidential” and “too technical” to be made public, fearing that doing so would put US servicemembers at risk.
Despite the unprecedented breach, Donald Trump insisted that no classified information had been shared in the group chat, and downplayed the incident before revealing that “a lot of the military” uses the app, which is known to be targeted by Russian hackers.
“It’s just something that can happen. You can even prepare for it, and it can happen.” Trump said. “It’s used by a lot of the military, and I think, successfully. But sometimes somebody can get onto those things. That’s one of the prices you pay when you’re not sitting in the Situation Room with no phones on, which is always the best, frankly.”
The president said his administration will “look into it.”