25-03-2025
The Wiretap: A Signal Of The Trump Administration's Security Vulnerabilities
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.
After a leak of a Signal chat to a reporter, there have been calls for defense secretary Pete Hegseth to be fired. (Photo by)
Getty Images
The accidental inclusion of The Atlantic's editor-in-chief Jeffrey Goldberg in a Signal chat detailing where bombs were going to fall in Yemen has managed to elicit bipartisan astonishment and criticism.
This was undoubtedly one of the most bizarre intelligence-related snafus in recent memory, not to mention careless and potentially illegal. It's also a sign of what to expect from a government led by a president whose operational security has long been a concern, from his use of a personal device to do government business, to his hoarding of classified files at Mar-a-Lago.
A more immediate intelligence concern, though, is that former news anchor and now defense department chief Pete Hegseth seemed happy to disclose airstrike information in a Signal chat outside of official government channels. Then there's national security advisor Michael Waltz, the one who set up the chat and added Goldberg to it in the first place. Lawmakers are, understandably, calling for Hegseth and Waltz to go.
'It does not take much imagination to consider the likely ramifications if this information had been made public prior to the strike – or worse, if it had been shared with or visible to an adversary rather than a reporter who seems to have a better grasp of how to handle classified information than your national security Advisor,' a group of Senators, including Tim Kaine, D-Va., and Elizabeth Warren, D-Mass., wrote to President Trump on Monday.
Another concern is that other officials - including Vice President J.D. Vance and White House Chief of Staff Susie Wiles - were also on the chat but didn't appear to push back against this information being shared on it. Typically, these types of conversations are either conducted in person or using a Sensitive Compartmented Information Facility (or 'SCIF'), not staffers' personal devices
If anything, the leak is encouragement for the likes of China, Russia, North Korea and Iran, all of whom have been building substantial cyber espionage operations in recent years. All will now be emboldened by the Trump crew's inability to use Signal securely. It was only last month that Google researchers warned about Russia targeting Signal accounts of Ukrainian military chiefs. If America's adversaries ever break into the phones of Trump officials, they could well land on a goldmine of U.S. intel and military secrets.
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.
(Photo by)
2017 Getty Images
Google has been trying to use AI to process law enforcement requests for user information, but the tech isn't working as well as hoped. Unable to parse cops' data demands and retrieve the right data, it's often made the work of Google staff more onerous than it already was.
With the number of backlogged requests now in the thousands, staff say they'd like some better automation tools, but now sources tell Forbes that 10 of those who were developing the AI have been fired and the future of the software is in doubt.
Researchers at the University of Toronto's Citizen Lab claim to have found more examples of spyware made by Israeli-founded Paragon. The software is being deployed across Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Previously, a number of Italian journalists said they'd been targeted. The researchers also detailed cases where Paragon's Graphite spyware had been used to monitor victims' WhatsApp.
23andMe filed for Chapter 11 bankruptcy this weekend and users' DNA data is now up for grabs. Hackers had stolen information on 7 million users in 2023, leading to a slew of civil cases filed by victims. The company fears it won't be able to afford payouts from those class actions and can avoid that via bankruptcy and a potential buyout.
Tornado Cash got a huge boost this week as the Trump administration removed economic sanctions against the cryptocurrency firm. It had previously been sanctioned after North Korean hackers and other cybercriminals were seen laundering stolen crypto using Tornado Cash's platform, which allows users to 'tumble' their digital currency together and across different accounts . While the Trump administration said it recognized that digital thieves had used Tornado, the potential for cryptocurrency to foster innovation trumped the risk of allowing the platform to remain open to Americans.
Gotbit, a consulting company accused of artificially inflating trading volume in cryptocurrencies for clients, has agreed to forfeit $23 million in seized crypto and immediately cease operations. Its founder Aleksei Andriunin also pleaded guilty to charges of wire fraud and conspiracy to commit market manipulation and wire fraud, the Justice Department announced.
