Signalgate is far from over

Remember last week? When The Gang That Can't Chat Straight (TGTCCS) accidentally included The Atlantic's Jeffrey Goldberg in their 'Let's bomb the shit out of the Houthis' emoji fest?

This already feels like it happened a long time ago, in the condensed soup version of dystopia through which we now slog, where every day brings forth an absurd new horror. Let's annex the North Pole! Place a tariff on oxygen! Declare Trump's desiccated corpse president for life!

The Ruling Junta would very much you to forget this scandal ever happened. But it won't, and the reason is simple. This wasn't a one-time oopsie. These guys (and Tulsi) are natural-born fuck-ups. It's going to happen again, and again, and again. In fact, it already has.

About 24 hours after this scandal broke, Der Speigel reported that personal contact information and passwords for key members of TGTCCS was found flapping in the breeze on the Interwebs.

Most of these numbers and email addresses are apparently still in use, with some of them linked to profiles on social media platforms like Instagram and LinkedIn. They were used to create Dropbox accounts and profiles in apps that track running data. There are also WhatsApp profiles for the respective phone numbers and even Signal accounts in some cases.... Hostile intelligence services could use this publicly available data to hack the communications of those affected by installing spyware on their devices. It is thus conceivable that foreign agents were privy to the Signal chat group in which Gabbard, Waltz and Hegseth discussed a military strike.

Or they could just read The Atlantic. Pretty sure Iran's Ministry of Intelligence can afford a subscription.

Then it turns out that National Security Advisor Mike Waltz is a big fan of Venmo, but doesn't know how to set his transactions or friends list to 'private'. Per Wired:

A WIRED analysis shows that the account revealed the names of hundreds of Waltz’s personal and professional associates, including journalists, military officers, lobbyists, and others—information a foreign intelligence service or other actors could exploit for any number of ends, experts say.... The Venmo account under Waltz’s name includes a 328-person friend list. Among them are accounts sharing the names of people closely associated with Waltz, such as [Walker] Barrett, formerly Waltz’s deputy chief of staff when Waltz was a member of the House of Representatives, and Micah Thomas Ketchel, former chief of staff to Waltz and currently a senior adviser to Waltz and President Donald Trump.

'Yo, great party last week, bro. Really appreciate you laying out for the beers. Remember those nuclear secrets you were talking about? I have some followups.'

Wait, we're not done yet. Per yesterday's Washington Post:

Members of President Donald Trump’s National Security Council, including White House national security adviser Michael Waltz, have conducted government business over personal Gmail accounts, according to documents reviewed by The Washington Post and interviews with three U.S. officials. ... A senior Waltz aide used the commercial email service for highly technical conversations with colleagues at other government agencies involving sensitive military positions and powerful weapons systems relating to an ongoing conflict, according to emails reviewed by The Post. While the NSC official used his Gmail account, his interagency colleagues used government-issued accounts, headers from the email correspondence show.

Unencrypted email services such as Gmail are often compared to post cards, in that anyone who intercepts these messages can read them before they reach their final destination. [1] Or, in the words of Pete 'Just one more for me, bartender, I'm driving' Hegseth: "We are currently clean on OPSEC."

UPDATE #1: I am informed by fellow tech journo Rob P., who is clearly smarter than I am, that Gmail messages are indeed encrypted in transit. It’s still a really stupid and highly insecure way to communicate classified (or ‘sensitive’) information.

I'm willing to bet folding money Waltz's password is "password" and that it's written on a Post-It note stuck to his screen, just in case he forgets.

A dozen years ago, Israeli security firm the NSO Group released a sophisticated piece of spyware named Pegasus that could compromise your smartphone simply by sending it a text message. Opening that message allowed an attacker to see everything you did on that device, without you ever suspecting. Over the years it's been used to target activists, journalists, and diplomats as well as alleged bad guys.

Want to spy on conversations happening today at the highest levels of US national security? You don't need Pegasus. All you need is Google.

The spies who logged me

There is no universe in which Waltz, Hegseth & Co. have not already been compromised by at least one foreign intelligence service, and probably all of them. By now, the FSB, RGB, ISS, and every other hostile spy agency know the amount of Pete Hegseth's bar tab and the cup size of Waltz's mistress. [2]

The knock-on effects of this are both easy to anticipate and sobering to contemplate. If you worked for a friendly intelligence agency — say, the UK's MI-6 or Australia's SIS — would you be willing to share sensitive information with these clowns? The Five Eyes Alliance is basically dead. We're on our own here, which just exponentially increased the risk of another major attack on our country, as well as exposing our nation's intelligence and military personnel to even greater harm.

I'm under no illusion the Republican eunuchs in Congress will do anything about this, while the Democrats drink Bloody Marys and discuss cures for electoral dysfunction.

So it's been up to journalists -- and, I might add, mostly technology journalists -- to keep the fires under this administration's feet toasty. As Techdirt's Mike Masnick points out, there are a lot of questions we still need answers to.

To these I would add some questions of my own. Did we really bomb an apartment building full of innocent people just to kill one guy? Who was this 'high value target'? (If they named him, I missed it.) [3] And, aside from inspiring a lot of 🔥 emojis, what did this "successful operation" really achieve? [4]

Masnick concludes:

If the White House (and Congress) won’t investigate, then the media must. The administration clearly doesn’t care if we know they’re wielding national security laws as political weapons while ignoring actual security breaches. But the public should care deeply about this cynical abuse of power. When national security becomes just another partisan cudgel, we’re not just undermining the rule of law — we’re creating a system where real threats to national security go uninvestigated while manufactured scandals consume years of attention and resources.

He’s not wrong.

UPDATE #2: Politico is reporting that that our crack NatSec team conducted at least 20 extremely sensitive conversations on Signal, despite being specifically warned against using the app by the Pentagon. No word yet whether editors from Weekly World News, The Onion, or Mad Magazine were accidentally added.

The shitshow that never ends

I get it. There's so much shit flying in every direction these days it's all one can do just to duck. It's really hard to decide where to focus one's rage. But if there are any issues that could possibly bridge the divide between the Red Hats and the those of us who live on Planet Reality, it's the attempts to shred the social safety net (as I detailed in last week's screed) and threats to national security.

After all of this, anyone who still believes the political appointees cosplaying as national security leaders can be trusted with our most dangerous secrets (or pretends to believe that for ass-covering purposes) is someone you probably can't have a rational conversation with. But there has to be a lot more people who don't, and some might even be willing to change their minds about how things are going so far. That's why we all need to keep turning up the heat.

Is it hot in here, or is it just gross incompetence at the highest levels of government? Share your thoughts in the comments or email me: [email protected].

[1] Yet another excellent reason to ditch Gmail and adopt an encrypted email system, like the one I just switched to: Proton Mail.

[2] My money is on Laura Ingraham, and C.

[3] Per MSN: "National Security Advisor Mike Waltz, in public remarks to CBS News the weekend after the March 15 strikes, said the first wave killed 'their head missileer'." Is that like a Mouseketeer, only for rockets?

[4] The most recent victim count is 61 dead, 139 injured from this and subsequent attacks on the Houthis. Wasn't Trump supposed to be the 'peace' candidate? Or did that get tossed into the dumpster along with his cure for inflation?