Signalgate lessons learned: If creating a culture of security is the goal, America is screwed Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger. In Signalgate part 3, or possibly 4 — we've lost track — on Thursday it came to light that US Defense Secretary …
or ... do as the Kremlin says, that's what we do!
Here in the Offal Orifice we have great respect and effusive praise for Vladimir Rectum Putin, ever since our Moscow Trump's 2013 Miss Universe pageant, and as the Iranian Students New Agency points out, Putin has always treated us with great respect, and that's a fact!
It's a great honor to be complimented by such a renowned killer and to receive the most wonderful of white trash portrait of our Exalted Fluorescence from this model quarter-century dictator.
We are proud to have dutifully followed FSB recommendations and appointed the most vacant of US madministrations ever possible in terms of cybersecurity, and beyond. We have empty-hair-extensions Kristi Noem at DHS thrusting shadow lover Corey Lewandowski to open things right up for y'all. Meanwhile, empty-suit Amy Gleason's USDS DOGE empowers wannabe lover Elon Musk' brownshirt wankers to masterfully cripple our cybersecurity infrastructure (CSRB, CISA, FedRAMP, Krebs, ...). This in turn helps our empty-soap-dispenser Defense Secretary Hegseth to not have to wash his hands of illegal security protocol-breaking conduct, while empty crossdressing kimono chihuahua Vance keeps barking out Russian propaganda, unimpeded by mother Kremlin tool kindred Director of National Intelligence Gabbard (fully vacant).
Скоро мы все будем говорить по-русски ... it's the Orange Plastic Cheese way ... What's not to like?!?!
" the Atlantic's editor-in-chief"...
Dear El Reg editors: the Atlantic is an ocean. It doesn't have an editor, in chief or otherwise, and it doesn't publish anything.
You're thinking of The Atlantic, a periodical I used to enjoy before they paywalled themselves into, as far as I'm concerned, oblivion.
> ...The Atlantic, a periodical I used to enjoy before they paywalled themselves into,...
I hope this will not derail the discussion - but I can't resist because I share both the experience and the sentiment.
If my livelihood depended on my readers paying to read what I wrote, I would be highly motivated to put in place some cents-per-page payment mechanism, instead of hoping against all hope that flogging the magazine subscription horse will somehow resurrect it.
They have a free daily newsletter: The Atlantic Free Daily which is quite good.
I agree that the paywall model is not ideal, but it's understandable with the whole "pay our people" thing and the reality that advertising revenue is fickle. I would love a "pay per article" mechnism, and even better if that was capped so that once you'd paid enough on the pay-per-article model you'd get the rest of the issue free (the thing costs $80 / year, i.e. $6.67 / month, so charge $1 per article with a cap of 7 articles before the rest of that month's issue at no additional charge).
Yours truly is at the very end of the queue of those that are motivated to defend the high-ranking members of the clown troupe currently occupying the White House and the neighbourhood. But I feel a quote might be in order:
"It is a frequently expressed view among computer security experts that cryptography must "just work", hidden from the user's view and requiring no special understanding or knowledge.
This is a fallacy: without a good understanding of the fundamentals, an end user will invariably make some seemingly trivial error that will, unknown to him, completely subvert the security of the system. Without knowledge of the fundamentals, it is difficult to differentiate between trivial and significant issues, or between minor and critical errors. Without an understanding of the functionality of the hardware devices and operating system components, and without a similar understanding of cryptography, participation in any activity that requires a high level of digital security is, at best, imprudent."
>an end user will invariably make some seemingly trivial error
Such as being the head of the largest military in the world and ordering a private internet connection into your office to avoid the highly secured military ones so you can chat to your political buddies and their friends on Signal / Telegram / some app you found on warez.ru
We've all done it. After I became Emperor of France and became overconfident following my glorious victory at Austerlitz I decided to fight a land war in Asia and invade Russia.
This is a fallacy
I beg to differ. Ideally cryptography should be transparent. Otherwise you have the problem of training the users who will in too many cases turn out to be untrainable. Examples to point -- Hillary Clinton, Donald Trump himself, and -- apparently -- Pete Hegseth.
But cryptography alone can't provide security. It's just one component. There are a bunch of other problems. For example: restricting information to those with a need to know. Or communicating secure information in a timely manner. And cryptography and similar tools are both costly to implement, and costly when, as all too frequently happens, they fail "safe" and folks who need information don't or can't get it.
I think you have misunderstood what they are saying and misapplied that to this situation. This situation is not about cryptography, and the ease of cryptography has nothing to do with the problems involved.
Cryptography itself has to be simple to use or people won't use it. I'm all for teaching everyone in the world about cryptography so they can use better systems, but that wouldn't be feasible and many of the people you could get into your educational centers are going to ignore you because they are the type who don't understand why they have to care about security and intend to ignore this whenever it conflicts with convenience. For people who know and care, there are many systems where the cryptographic mechanisms are conveniently configurable and can be used to create communication channels that have the amount of security they're looking for. For those who care but don't know, there are a lot of resources online to teach them how this stuff works, though some of that might benefit by having less technical versions. For those who don't care and don't know, that's why cryptography has to be built in with little or no user interaction required, because they will not try to do anything about it.
And all of this is completely irrelevant to this situation. Nothing here became possible due to a problem with cryptography. The cryptography in Signal, as far as we know, did exactly what it was intended to do: it encrypted the traffic between participants so that only those invited to the calls could read what was being sent. That's what cryptography is for, and had we made it more manual, they would have either done the same thing manually or they would have sent the same traffic unencrypted which would have been even worse. What is happening here is not a technological problem at all. The two problems involved are:
1. Sending data to the wrong person because they manually mislabeled that person.
2. Sending data to the right person, as in the person they intended to send it to, but someone they really shouldn't have informed.
Technology could try to fix problem 1, but it would have nothing to do with cryptography and might have more downsides than benefits. Technology cannot fix problem 2. Existing human systems can try to fix problem 2, and they did. The person trying to inform people who didn't need to know about military actions was aware that they didn't need to know. He was aware that the systems in use were intended to prevent that data being shared. And that is why he bypassed them. He intended this outcome, and cryptography could not have changed his mind or prevented him from doing what he did.
@doublelayer
OK......but some aspects of technology are obviously problematic.
For example, Signal users (both senders and recipients) HAVE TO HAVE PLAIN TEXT on their end point!!
And when that end point is compromised by MORE TECHNOLOGY (NSO/Pegasus malware), then the whole point of Signal is made useless.
Ask Angela Merkel!!!!!!
You say "Cryptography itself has to be simple to use or people won't use it".
So....to your point......users of technology who would like privacy and security ARE FORCED to be more skilled with technology.
...or else they cannot have privacy or security.
Maybe there will be some future "simple to use" software to solve this problem......but in the mean time users need to understand that a "simple" solution is not available in 2025!
Unless that technology is provided for them.
You have a government provided secure device, configured with the approved messaging systems, pre-configured internal contacts for other staff members' approved devices, and you don't let other apps be installed on them.
The only thing your users need to do is to not use personal devices. Considering how much noise was made about emails a few years back, I would say that they're all quite up to speed with what's a government system and what's a personal system...
"For example, Signal users (both senders and recipients) HAVE TO HAVE PLAIN TEXT on their end point!!
And when that end point is compromised by MORE TECHNOLOGY (NSO/Pegasus malware), then the whole point of Signal is made useless."
And the alternative is? If I control your endpoint, then I have your communications. It doesn't matter if it's encrypted at rest or not (it is for Signal, incidentally, so your plaintext argument is not entirely correct), I can know what it is because it has to be decrypted to appear on the screen and I can grab it then. No cryptography can prevent that from happening. We have lots and lots of writing explaining how to try to prevent your endpoint being compromised in the first place, not that there's a simple, foolproof method of doing that.
"So....to your point......users of technology who would like privacy and security ARE FORCED to be more skilled with technology."
The point of making it simple when possible is to provide those who aren't skilled with technology with some level of protection. As with anything, those who are skilled with technology will get better results out of their technology. This is why, when an option arises to make something more user-friendly, I try to choose it so that more people can benefit from it. Once again, there is no way to simplify everything so that people who don't want to spend ten seconds can use it, but we can make incremental improvements and I suggest we do so.
@doublelayer
Quote: "...No cryptography can prevent that from happening...."
You have missed the point. If users were to do these things:
(1) Set up their own private cryptography protocol
(2) Ensure that ALL encrypt/decrypt processes are done on separate OFFLINE machines
(3) Use any transport they choose ( email, Signal, Telegram.....)
.......then all that turns up on a compromised ONLINE end point......will be private encryption!
Correct, and in that case, you've moved the endpoint. That can be helpful. If, however, someone got malware onto that endpoint, malware which either takes it online without you knowing or uses one of those ways Mordechai Guri is always making for getting data out of a computer that has no standard connections, then you have the same problem. Which is not relevant to the completely unrelated issue of adding a recipient who shouldn't be on the conversation, because whether they used one terminal or two, airgapped or not, is not anything we're talking about in this article or the comment thread you've replied to.
This post has been deleted by its author
This post has been deleted by its author
> Cryptography itself has to be simple to use or people won't use it.
This, I humbly propose, is exactly where we took a wrong turn. Long time ago; shortly after PGP appeared on the scene.
Little Jenny has nothing to hide. Prodding her to encrypt her e-mails only so that those of us who have good reasons to encrypt would not attract the attention of the Chief Magistrate was (a) not entirely ethical and (b) most certainly counterproductive.
A high-level military commander in any normal army does not protect his communications because it is simple to do so, he does it because if he does not, or of he fumbles doing it, he is taken in front of a pockmarked wall and offered his last cigarette.
If there was any way to ascertain the facts, I would offer a reasonable bet to any present that none in the clown troupe under examination could explain the difference between symmetrical and asymmetrical encryption, and outline the challenges of public key verification. If they did, they would not include new members to a communication cluster without performing (in this case not particularly well designed, but serviceable) public key verification by Signal "Safety Number" exchange via a personal telephone call... (Hello, may I speak to the editor-in-chief of The American East Ocean..?)
This, I believe, is the essence of the claim of fallacy in that quote.
"Little Jenny has nothing to hide. Prodding her to encrypt her e-mails only so that those of us who have good reasons to encrypt would not attract the attention of the Chief Magistrate was (a) not entirely ethical and (b) most certainly counterproductive."
I disagree on both points. In most cases, we did no prodding at all. Jenny who chose to use normal email doesn't have encryption in transit, but if Jenny decided to use iMessage because she has an iPhone and so does the person she's talking to, then she gets encryption anyway. She had to do no more work. Many nontechnical people want security and, when it's easy enough like downloading a certain app and remembering to use it, they use it. So I'm not sure there was as much prodding as you're suggesting.
As for its ethics, when we did make encryption and enforce it on people, it is in things like requiring HTTPS to access websites. In which case, enforcing security is ethical because it defends people whether they would have chosen it or not. Bob logs into his online bank account on a public WiFi network, and he doesn't understand or care why there's encryption on that connection? If that WiFi network is logging things, then that encryption prevents him from losing his money. He probably cares about this. Not only would he care if someone explained it and he listened, but since he would complain to his bank and expect them to make up the shortfall if someone did steal it, the techs working for the bank have enough personal interest in preventing it to justify requiring encryption. Once again, the heavy lifting is done by the browser writers and the server admins, not the user, so simplicity made it easy. We did make it a little too easy by advising users to look for the lock icon, meaning they sometimes trust websites as long as they have an HTTPS connection at all, but that wasn't worse than what we had before.
As for counterproductive, I don't see where you get that. Not totally effective is not the same thing. The increasingly common use of cryptography has brought significant improvements. It hasn't prevented people from unintentionally disabling it or doing something it didn't cover (most of which are reasons to increase how many things use it). Nor has it prevented people from doing stupid things they fully understood, which it never will be able to fix. I don't see what negative things it has done and so far, you haven't named a single one. Your arguments have been blaming cryptography for things it has nothing to do with and a user choice argument which, while an interesting philosophical argument, isn't very relevant to cryptography's failures.
For government use - NSA or military staffer, to new president, government officials, etc.: "I have your new secure communications device. If you'll hand me your old phone, I'll transfer your contacts, appointments, alarms, and cough! data files."
(Staffer takes new gov't official's smartphone, hooks it and secure comms device to data exchange box, transfers data, hands over secure comns device, confiscates old smartphone for the duration of the gov't official's term of office.)
"You must use this device for all government communications. This is a condition of you keeping your security clearance."
(Staffer leaves)
New government official pokes at new device. "What is this crap?! There's no app store, no Weatherbug, no stock tracker, no NudiezWallpaper, no OnlineGambling, ... nothing!!"
(Official yells for his/her secretary. "Go buy me a smartphone, model YYYYY." Official then uses newly-bought, insecure smartphone for everything.
You can't fix stupidity or arrogance.
'Must "just work"' is probably wrong in the language of requirements. "SHOULD just work" is better, but when I'm "designing in" security I assume both that the operator knows the reason for the hoops I'm asking them to jump through, but also if they don't, the security maybe lessened but it's not entirely eliminated! In other words, assume the user will make mistakes and you won't go too far wrong!
Mind you, there are mistakes and there's installing a separate network interface....
P.s. I was amused to discover today that Hegseth's efforts to axe large parts of the DoD is his second attempt: back in 2015 he tried to axe part of the US Military Academy ("West Point"). Literally. With an axe. By throwing it. At a cadet. Who he hit.
"Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger."
Maybe, they are careless about the lives and wellbeing of Americans because they genuinely don't care whether Americans live or die?
All security starts with caring about protecting people and institutions.
The disdain of the Orange utan in charge regarding the Americans that risk their lives for their country are well documented. His underlings are no better.
During the pandemic the Orange One was careless about half a million preventable deaths because he didn't care.
Now they are careless about hundreds of thousands of people in jeopardy of dying due to unannounced ending of international medical aid. They are careless with the health of Americans by ending preventive health and ending vaccination and infectious disease programs and R&D.
And they are careless with an economic depression and the hardship it will cause Americans playing with the world economy for some short time kicks.
All this carelessness is because they really, really don't care whether people die in agony or not.
So why would they care about the security of the military? For all they care they enlisted to die anyway.
Or the security of anyone else, but themselves, for that matter.
As far as carting about people being killed, you need only look at the report in the Atlantic of the group chat about the attack on the Houthi's. They were joyous that the 'missile' guy had been seen entering his girlfriend's apartment building and that the building was then completely destroyed. No concern at all for the innocent people killed in it. Yes, I know that there are those who comment on this web site who will complain that I am not showing concern for the people the Houthi's attacked with their missiles in and around the Red Sea. The point is this - Hegseth, Trump, Vance, Waltz et al are doing nothing at all to solve the causes of the problem, they just like killing people in support of Israel, without even once considering that the Palestinians (whose heritage in Palestine is far longer than any white man's in the USA), might also have a just grievance,
(Oh, and before you accuse me of anti-semitism, in the Jewish Cemetery in Prague, in the list of those Jews murdered by the NAZIS written on the walls, my family name occurs 64 times, I counted them myself.)
"Yes, I know that there are those who comment on this web site who will complain that I am not showing concern for the people the Houthi's attacked with their missiles in and around the Red Sea."
Killing random people to placate a "just cause" is nothing but human sacrifices.
Irrespective whether the random people are Houthies, Palestinians, Israeli, Venezuelans, or Salvadorians.
This is a US administration sacrificing humans for fun and profit.
I believe the traditional solution is to simply define those peoples as non-, or sub-human.
Then there is no problem bombing them, except possibly protests from PETA
(It might not work in Britain where defining Palestinians as animals would result in massive popular support.)
This is ludicrously improbable on two counts - firstly the idea of "missile guy" - second the idea of "missile guy's girlfriend".
They simply bombed a random civilian building, there is a degree of information sharing between Yemen and Iran, but also they are using Hypersonic missiles of their own design, they are a technically very advanced society - that's not new https://www.csis.org/analysis/missile-war-yemen
The girlfriend part is simply unlikely in that culture - it gives the immediate stink of bullshit.
Sure buddy - let's double down on bullshit. How's your Arabic - I'm willing to bet it's only one of the four languages I speak more proficiently than you.
Read 1000 and 1 Nights, why don't you recommend Hertzl for some "Orientalism", https://www.theguardian.com/lifeandstyle/2008/may/11/women.humanrights
It's flagged up all over the place by everyone who's got any understanding of Yemen. - e.g..
https://x.com/MaxBlumenthal/status/1905270571090268511This is an important point
A top Ansarallah operative casually entering the home of an unmarried woman living alone is wildly out of place in Yemeni society
Mike Waltz’s claim to have “positive ID” is almost certainly a lie to justify bombing a civilian apartment building
Or
As a woman, it was not considered acceptable for Salwa to live alone, so she moved in with her brother. He quickly arranged for her to marry another man – a stranger who also abused her.https://arabstates.unfpa.org/en/news/child-bride-fearless-face-mask-maker-yemens-safe-spaces-help-women-reclaim-their-lives-0
Or https://www.hrw.org/news/2024/03/04/yemen-warring-parties-restrict-womens-movement
Yemenites are very strict in guarding women for a reason.
prostitution does exist in Yemen as everywhere else.
"Girlfriend" might be an euphemism here
Right so now she's a prostitute, so that's much more likely than the Genocidal racists bombing a random building.
According to you, She's a prostitute in Yemen, so literally the most marginalised person possible without any involvement whatsoever desperately trying to survive in a country where Women have a pretty shitty deal.
I'm unsurprised that you think this would support your position.
The genocidal racists in the US murdered random civilians because they are unable to pressure the Government of Yemen to cease respecting International Law and defending Palestine.
The idea is simply to harm the population to attempt to turn them against the Government, it's a favoured tactic the colonial empires, because willing excuses are always made for White State Terrorism.
The fact that she was murdered by Americans together with many other Yemenites is not made any less repulsive and criminal by who she was or how she lived her life.
Whether she was his girlfriend, his mistress, a relative, his fiance, a prostitute or his wife is irrelevant for the war crime committed.
It is just that women and men in Yemen are not different from women and men everywhere else. And claiming the story isn't true because Yemenites would never do such things is ridiculous.
These things happen in Yemen as everywhere else.
Meanwhile, American and assorted ME armies are committing war crimes and atrocities in Yemen all the same.
It's utter bullshit from start to finish.
It's clear on the face of it, that a country with a deeply evidenced heritage in weapons design doesn't have "A Missile guy" https://www.twz.com/news-features/what-air-defenses-do-the-houthis-in-yemen-actually-have
It therefore follows that it is exceedingly unlikely that the person murdered had any military role whatsoever, or that the people murdered alongside him had any connection to him, or the military.
This leads the entire premise of the information thus far offered as entirely lacking in credibility. If you want to try to deflect from that to suggest a large country has yet to discover sexual behaviour, that's as credible as the US's line of argument.
Again the entire premise is demonstrably bunk, based on the naked racism and butt hurt that people who wear sandals are spanking the US MiC.
It's not in dispute that people in Yemen are people like everywhere else. That's got little to do with the credibility of the situation being posited as how the best bacon is on offer at your local vegan cafe.
Yes people eat Bacon in cafes, but most Vegan cafes don't serve it, so it would seem at the very least to cast doubt on your version of events.
Such as, are you sure it was a vegan cafe? Was it really a "missile guy", or some random civilian, because it's not like the US gives a shit, and what evidence to the contrary can you offer.
Yemen is a large country - missiles are quite complicated things with complex production lines, "what Guy" do you imagine is critical enough to all of that to be worth dropping a building over, and yet have zero effect.
Let's try this idea, if you dropped a random building in Yemen, that would have zero effect on their capabilities, so zero evidence for "Missile Guy" and strong circumstantial evidence for it being complete tosh.
"Let's try this idea, if you dropped a random building in Yemen, that would have zero effect on their capabilities, so zero evidence for "Missile Guy" and strong circumstantial evidence for it being complete tosh."
As written before, it was just a human sacrifice.
In other words, terrorism.
I would agree it's terrorism. I'm not sure about the sacrifice part, but let's allow you poetic license. My point was more it's credulous in the extreme to take the statements coming out of the Trump white house, on military matters as being more well informed than the economic policy.
bombing poor people to support a Genocide https://mondoweiss.net/2025/04/yemen-is-acting-responsibly-to-stop-genocide-and-the-u-s-is-bombing-them-for-it/
The recent list of Targets bombed by the US in Yemen:
1. A cancer hospital in Saada
2. A cemetery in Sana'a
3. A prison in Saada
4. A landfill in Sana'a
5. An oil port in Hodeidah
6. Hodeidah airport
7. A factory in Sana'a
8. The governorate building in Al-Jawf
9. The governorate building in Shabwa
10. The Galaxy Leader ship
11. A popular market in Sana'a
12. An ancient fort in Sana'a
13. Citizen homes across Yemen
Oh and then https://english.almayadeen.net/news/politics/us-military-to-limit-disclosing-details-on-strikes-in-yemen
But, but, her emails....
Fucking hypocritical shitheads.
Not sure about the part where the author says Hegseth's personal computer was attached to unclassified network. Other outlets reported he asked to have Signal installed on his unclassified system. This would be okay, if it weren't for Hegseth's propensity to use it for communication he shouldn't. Really, the asshole shouldn't have a clearance. It goes without saying he's unqualified for SecDef.
Pete Hegseth had an insecure internet connection set up in his office so that he could use Signal on a personal computer
As I wrote to one of the Editors of this august, if not exactly venerable, web site last night*, if I had allowed that sort of thing when I was doing Government IT security, I would have been sacked.
Firstly, the office of the Defense Secretary in the Pentagon will hold information classified TOP SECRET with all the caveats of INTEL, NUCLEAR, SIGINT, etc. Nobody is allowed to enter that room carrying personal IT equipment (mobile phones, smart watches, laptops, tablets, or, I suspect noise-cancelling headphones). There are many articles on the Register and other tech sites and in publications showing how easy it is for an FIS (Foreign Intelligence Service) to hack into unprotected equipment, turn on cameras and microphones and eavesdrop on highly sensitive conversations.
Even assuming that the PC was networked with fibre-optics (to avoid crosstalk with copper cabling), there mere fact that there is a cable (of some sort) that far into the heart of the US Military establishment. This is the most appalling example of arrogance and ignorance where there is a multitude of solid scientific and technical evidence that it is an unacceptable risk outside of climate change denial.
Former Trump associate John Barron reckons that 'August is when you take out the trash' and that Hegseth will be 'let go' then, to avoid suggestions that Trump has caved in to pressure from critics and Democrats. But that must be based only on the assumption that no more egregious errors like this come to light.
*I am not claiming that this story would not have appeared here had I not sent Mr K an email, but merely hoping to encourage others to let the editorial staff know when there is something that is clearly relevant, but which has not appeared yet in their stories.
The Trump administration is a circus show , complete with clowns and their kiddie land !
There's nothing he does or say that can be taken at face value , it's all about more circus , more distractions while he screws the USA for the benefit of his boss Putin. May he and all his " team " rot in hell.
He deserves his place in hell
Any active duty personnel who did what Hegseth has done once would lose their clearance instantly and be facing a court-martial, never mind that Trump's entire 2016 campaign was "lock her up".
It would be funny if people's lives weren't at stake, this drunken clown who only has a job because of fealty to Trump is supposed to be in control of the world's biggest military.
Because the fact US systems are so hopelessly compromised is public knowledge, it follows that Uncle Vlad and the gang can't trust anything they read on it without additional verification.
It's a rather bizarre example of that adage "someone with 2 clocks never knows the time".
If we are incredibly lucky, the Russians will be using "AI" to sift through the petabytes of data they are exfiltrating. Which means they are pretty much handicapped from the off.
(1) Use a privately developed encryption protocol
(2) Make sure ALL encryption/decryption is done on an air-gapped computer
(3) Use any transport available (email, Signal, Telegram......)
So......the snoops get to see encryption (and in the case of Signal and Telegram, they get to see TWO layers of encryption).
NOTES
=====
(a) Also remember that most messages have a value which declines SHARPLY with time
(b) ........which is why the snoops are so INSISTENT on backdoors
(c) Bruce Schneier has published much detail about the engineering of encryption (and sample code)
(d) Daniel Bernstein has published much code (samba20, chacha20, curve25519.......)
Citizens have plenty of help and unlimited opportunities to TAKE PERSONAL RESPONSIBILITY for their own privacy and security............
...............rather than subcontract their responsibilities to Signal or Meta...........
...............just saying!
I'd be a service man of the US Army, I'd be dead furious about this whole signal shamble. Only the personal address of the involved pilots was apparently not leaked in this, all other details were there, including the bloody target ! The top Houti missile guy ! Think about the intel source on the ground who designated the target ! They're already dead or on the run ...
I highly doubt anyone in the army takes the explanation in a relaxed way.
They are the ones risking their lives and they surely understand OPSEC better than the clowns at the Pentagon.
Even the journalists understand Hedsgeth violated every single law/protocol vaguely about military secrets ...
There are other possible explanations; such as it was a planned leak backfiring or that the blob arranged it. For fairly obvious reasons I can imagine the Trumpites thinking the official comms systems are being monitored. Frankly, I would not be surprised if Signal was compromised too, we only have their word it's end to end secure. A lot of social apps have intelligence agency links or funding at some point in their history.
@ChodeMonkey
"Is one defending Ol' WhiskeyLeaks again, Madam? Exactly what qualities of this low-rank, alcoholic adulterer do you find endearing in a senior cabinet role? "Ability" seems to be something he does not have a good supply of, it would appear."
I know you are doing your usual trolling nonsense but I have no idea what you are rambling about this time.
@ChodeMonkey
"Your infatuation with a drunk who was assigned a position"
You seem to have a very low bar for 'infatuation' when I barely talk about the guy.
"without any merit on his part"
Not a perfumed prince but actual soldier. Go on.
"flies in the face of your apparent musings in people being appointed based on merit."
DEI gone and so recruitment massively increased! So seems you are very wrong.
No. You're not getting a one up for 'calling out' what is obviously a hyperbolic comment poking fun at the rate at which you post replies a website you happen to loiter on.
I don't know if you have the time to spend on it because you're signed off work or just languishing in a job where you're not actually useful enough to be needed, but we get that you've picked a side to be angry at and that you relate to anyone that can appeal to that massive chip you have on your shoulder. If only the world full of sheeple were as smart as you, things would've been different. It's not you, it's them.
And you can prove how right you are by googling whatever you like the sound of and then regurgitating it here.
Let's not just ignore the fact that Ameriduh has been compromised from the top to the bottom because of it's addiction and subjugation to social media and the internet. Ameriduh is not only exposing themselves non stop on the internet, but also through business and applications they use daily. Every enemy on earth has complete access to everything at this point. Russia, the middle east, nkorea, now china. All collecting, databasing, manipulating, and what should be a declaration of war type spyops. Ameriduhs are completely out of their ever loving minds right now. They can't tell you what's real and what's not anymore. They are getting investment advice and having vein pumping arguments with AI, and foreign agents. The kids are learning how to cook and drive from the ticky tockys and it shows. There is NO more security. The people who said they could provide it turned out to be the enemy.
Sure, Signal may be pretty secure in its transport, and it is usually easier to compromise one of the endpoints than to attack Signal itself. That is why security-conscious people would at least use a locked-down, dedicated device for such adventures.
However, seeing this whole dumpster fire of security blunders, do you really believe that the "personal device" Hegseth is using on that unsecured line is really protected? To me he seems like the guy who would double-click any attachment named "cute_kitten_videos" and disables the AV because it interferes with his ability to install cracked games.
He probably airdropped a .txt file containing the sensitive info onto his laptop so that he could copy and paste whatever he wanted to brag about to his wife and his hairdresser. And since Hegseth didn't make the one mistake yet that could endanger his job – making Trump look bad in such a way that even Trump notices – this will likely not be the last of these blunders. Only now just about every bad guy on the planet is trying to find out the IP address of his private insecure line or his iCloud username.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
