The title really lacks context. The “person in Russia in the group chat” is Witkoff, the US official in charge of the situation in Ukraine and the Middle East
That is definitely the context needed. Not sure though if he needed to know the exact details of the battle plans whilst in Russia. Still feels like a slight lack of control of sensitive information. Albeit it’s not as bad as forgetting you had a journalist in the same chat.
Hillary was crucified over emails on her own server. What these guys are doing is way worse by using a commercial platform to transmit sensitive information.
Even without going to this signal usage as a comparison. Musk’s DOGE department is literally doing the exact same thing that Hillary did, but with more security holes.
Conservatives have no real principles. They happily engage in behavior they criticize - it’s all just about political attacks, its never about substance.
I keep seeing Hillary’s server brought up to highlight the red team’s hypocrisy, but there’s some introspection to be had for us as well on that topic.
Hillary’s email server was one of many stepping stones on the path of increasingly fucked infosec. Now, the vast majority of neanderthals foaming at the mouth over her emails only gave a damn about it because of the (D) next to her name, but those idiots getting angry at it for the wrong reasons doesn’t mean it wasn’t a big deal.
My perspective on all that when the story was first breaking: I was fairly new e-nothing junior enlisted medic in the USAF. The closest thing to classified info I ever dealt with was ‘confidential’ medical shit covered by HIPAA, and like people’s social security numbers. That’s it. But even with zero-access to military secrets, at the absolute rock-bottom of the chain of command, I still had to take lengthy infosec courses every year (or every quarter? idr) to ensure I knew how to identify and properly handle classified information. Fuckups in infosec are NOT tolerated: like if I took a single page of classified info home without authorization, that’d be a court martial / potential jail time / stripped of rank / dishonorable discharge level offense. Then we have a fucking Secretary of State - someone who handles classified info all the time and should be a subject matter expert on the do’s and don’ts of it - running her own shady-ass server away from the prying eyes of FOIA, claiming to not recognize classified indicators?? Then before anything could be done about it, we got the whole bleach-bit and hammer-to-harddrives scene, so some nice destruction of evidence as the cherry on top.
100% we should have crucified her.
Just like we should have crucified the dipshits before her using private email platforms like gmail or some shit to send or receive official / classified communication. Every one of those fuckers knew better.
Then Trump happens and makes everything prior, Hillary and all, look like fucking j-walking compared to the scale and blatancy of his crimes. ‘Crucified’ doesn’t even begin to describe what needs to happen to that fucking traitor.
…but the dismissiveness regarding the email server does kinda strike a nerve for me - she fucked up BAD, and we dropped the ball by not holding her accountable, as that left the door open for dipshits like Trump to continue the trend of worse and worse infosec.
Again, it’s peanuts compared to Trump - I hate writing shit like this for even the flicker of a possibility of drawing a false equivalence. There is no equivalence here. But I really wish we’d collectively change our tone about handwaving the ‘buttery males!’ shit because it is hypocritical to do that and then get pissy about the red team’s conceptually-similar-albeit-orders-of-magnitude-more-severe fuckups.
At the end of the day, we should expect our leaders to do their job and do it correctly. If they don’t, then get angry - it’s your security they’re playing with. None of them get the benefit of the doubt, regardless of which color their campaign stickers are.
Very well articulated response. I fully agree with you. My original comment does imply that what Hillary did was not as bad as Trump. However, such comparison should not be used to downplay what she did.
While what they did is really really stupid, and funny given how much of a stink was made over Hillary’s emails. On a technology level, I would trust Signals encryption way more than I would whatever random email server software was running that server that Hillary had. If they were going to do something as stupid as they did, they picked about the best tool to do that stupid thing with that you could choose.
Not sure though if he needed to know the exact details of the battle plans whilst in Russia.
Through an unsecure platform, no less.
There really is no excuse for any of this. And they are denying that a chat existed, or that any classified information was posted, or that there were even plans to attack anyone… imbeciles. Every single one.
Unsecure, meaning not an authorized channel for this type of classified discussion to have even be taken place.
Signal is still “secure” in the sense that it uses encryption, etc.
But as with personal emails, which may also use encryption, is it NOT a secure way (i.e. not the proper method of communication) for sharing highly classified war plans.
Republicans railed on Hillary for the whole server fiasco, but this is magnitudes more damaging to the competency of the administration, and for national security.
Or said differently: signal will probably resist attempts to hack the chat, but it won’t resist the “beat him with a wrench til he unlocks his phone” strategy. That’s why secure comms for governments are usually done in a secure room in an embassy, on hardwired devices.
It’s a complete lack of control of sensitive information. Signal should never be used for this. No phone app can make the security guarantees necessary for this level of detail.
Possibly, but by private company owned chat? Also while in a foreign country known to be hostile to the US. If you apply this logic it smacks of lack of thought towards control of sensitive information which is pretty much the incompetence this administration has shown since well a long time.
Also, they’re using Signal to dodge FOIA requests, as well as subpoenas, which was recommended by the project 2025 leader Vought last year to hide their illegal activity
To be clear, the Signal protocol has not been cracked. Russia has been using phishing attacks to get victims to link their signal account to a device Russia controls.
Please don’t spread FUD. That memo does NOT claim Signal has been compromised by Russia.
The actual claim is that Russia has used deceptive e-mail style tactics to trick people into authorizing a malicious “linked devices” request. This is a social engineering vulnerability, not a technical one.
No doubt on a personal device, surrounded by hostile cell towers and WiFi hotspots and being bombarded with who knows what kind of state-level malware.
It’s not like they need to break signal; if they can clandestinely screencap, keysniff etc then this chat was completely pwned regardless of how secure it was between TCP endpoints
This is not even a conversation that should be happening on a government issued smartphone in a hostile foreign country.
The title really lacks context. The “person in Russia in the group chat” is Witkoff, the US official in charge of the situation in Ukraine and the Middle East
That is definitely the context needed. Not sure though if he needed to know the exact details of the battle plans whilst in Russia. Still feels like a slight lack of control of sensitive information. Albeit it’s not as bad as forgetting you had a journalist in the same chat.
Hillary was crucified over emails on her own server. What these guys are doing is way worse by using a commercial platform to transmit sensitive information.
Even without going to this signal usage as a comparison. Musk’s DOGE department is literally doing the exact same thing that Hillary did, but with more security holes.
Conservatives have no real principles. They happily engage in behavior they criticize - it’s all just about political attacks, its never about substance.
It’s about making the rich richer
I keep seeing Hillary’s server brought up to highlight the red team’s hypocrisy, but there’s some introspection to be had for us as well on that topic.
Hillary’s email server was one of many stepping stones on the path of increasingly fucked infosec. Now, the vast majority of neanderthals foaming at the mouth over her emails only gave a damn about it because of the (D) next to her name, but those idiots getting angry at it for the wrong reasons doesn’t mean it wasn’t a big deal.
My perspective on all that when the story was first breaking: I was fairly new e-nothing junior enlisted medic in the USAF. The closest thing to classified info I ever dealt with was ‘confidential’ medical shit covered by HIPAA, and like people’s social security numbers. That’s it. But even with zero-access to military secrets, at the absolute rock-bottom of the chain of command, I still had to take lengthy infosec courses every year (or every quarter? idr) to ensure I knew how to identify and properly handle classified information. Fuckups in infosec are NOT tolerated: like if I took a single page of classified info home without authorization, that’d be a court martial / potential jail time / stripped of rank / dishonorable discharge level offense. Then we have a fucking Secretary of State - someone who handles classified info all the time and should be a subject matter expert on the do’s and don’ts of it - running her own shady-ass server away from the prying eyes of FOIA, claiming to not recognize classified indicators?? Then before anything could be done about it, we got the whole bleach-bit and hammer-to-harddrives scene, so some nice destruction of evidence as the cherry on top.
100% we should have crucified her.
Just like we should have crucified the dipshits before her using private email platforms like gmail or some shit to send or receive official / classified communication. Every one of those fuckers knew better.
Then Trump happens and makes everything prior, Hillary and all, look like fucking j-walking compared to the scale and blatancy of his crimes. ‘Crucified’ doesn’t even begin to describe what needs to happen to that fucking traitor.
…but the dismissiveness regarding the email server does kinda strike a nerve for me - she fucked up BAD, and we dropped the ball by not holding her accountable, as that left the door open for dipshits like Trump to continue the trend of worse and worse infosec.
Again, it’s peanuts compared to Trump - I hate writing shit like this for even the flicker of a possibility of drawing a false equivalence. There is no equivalence here. But I really wish we’d collectively change our tone about handwaving the ‘buttery males!’ shit because it is hypocritical to do that and then get pissy about the red team’s conceptually-similar-albeit-orders-of-magnitude-more-severe fuckups.
At the end of the day, we should expect our leaders to do their job and do it correctly. If they don’t, then get angry - it’s your security they’re playing with. None of them get the benefit of the doubt, regardless of which color their campaign stickers are.
[/rant]
Very well articulated response. I fully agree with you. My original comment does imply that what Hillary did was not as bad as Trump. However, such comparison should not be used to downplay what she did.
I won’t argue against that either, the whole administration is just pure incompetence.
While what they did is really really stupid, and funny given how much of a stink was made over Hillary’s emails. On a technology level, I would trust Signals encryption way more than I would whatever random email server software was running that server that Hillary had. If they were going to do something as stupid as they did, they picked about the best tool to do that stupid thing with that you could choose.
I think you’re forgetting the part where they added random people to the group chat.
Through an unsecure platform, no less.
There really is no excuse for any of this. And they are denying that a chat existed, or that any classified information was posted, or that there were even plans to attack anyone… imbeciles. Every single one.
How is Signal unsecure?
Unsecure, meaning not an authorized channel for this type of classified discussion to have even be taken place.
Signal is still “secure” in the sense that it uses encryption, etc.
But as with personal emails, which may also use encryption, is it NOT a secure way (i.e. not the proper method of communication) for sharing highly classified war plans.
Republicans railed on Hillary for the whole server fiasco, but this is magnitudes more damaging to the competency of the administration, and for national security.
Unsecure ≠ Insecure
Unsecure in this context generally means not in compliance with military and classified security practices and procedures for “securing” information.
Signal is secure in the sense of being strong end-to-end cryptography.
Or said differently: signal will probably resist attempts to hack the chat, but it won’t resist the “beat him with a wrench til he unlocks his phone” strategy. That’s why secure comms for governments are usually done in a secure room in an embassy, on hardwired devices.
It’s a complete lack of control of sensitive information. Signal should never be used for this. No phone app can make the security guarantees necessary for this level of detail.
Well I mean, if anyone needs to know, it’s him, right?
Possibly, but by private company owned chat? Also while in a foreign country known to be hostile to the US. If you apply this logic it smacks of lack of thought towards control of sensitive information which is pretty much the incompetence this administration has shown since well a long time.
No, it’s much worse than that. The Pentagon announced not long ago that Signal has been compromised by Russia.
Hate to link reddit here, but this comment does a good job of explaining how damaging this really is:
https://redlib.freedit.eu/r/politics/comments/1jjn8qk/atlantic_editor_suggests_hes_open_to_sharing/mjoedt4/#mjoedt4
Also, they’re using Signal to dodge FOIA requests, as well as subpoenas, which was recommended by the project 2025 leader Vought last year to hide their illegal activity
To be clear, the Signal protocol has not been cracked. Russia has been using phishing attacks to get victims to link their signal account to a device Russia controls.
Please don’t spread FUD. That memo does NOT claim Signal has been compromised by Russia.
The actual claim is that Russia has used deceptive e-mail style tactics to trick people into authorizing a malicious “linked devices” request. This is a social engineering vulnerability, not a technical one.
No doubt on a personal device, surrounded by hostile cell towers and WiFi hotspots and being bombarded with who knows what kind of state-level malware.
It’s not like they need to break signal; if they can clandestinely screencap, keysniff etc then this chat was completely pwned regardless of how secure it was between TCP endpoints
This is not even a conversation that should be happening on a government issued smartphone in a hostile foreign country.