Signal uses HTTPS for contact discovery and account registration. Then, it switches to its own Signal protocol to provide end-to-end encryption.
There would have to be some egress rule to allow Signal access from Azure. Signal is a commercial app.
Even if access was allowed from Cloud or some other Defense network, it would still be considered “dirty” as the article says because it’s still going over the Public Internet to a commercial software provider.
Communications are encrypted barring some MiTM attack.
Not a good idea to discuss secret things on an app that isn’t approved for it but is this article reaching a bit?
I think the article is pointing out the obvious. The only way to access Signal is over the public Internet with HTTPS and end to end encryption provided by Signal.
Is it? This circumvented the Pentagon's security protocols, presumably disrupting its air gap. This is a national security breach on the highest level, I'd say it's pretty serious and I don't understand why anyone is in the comment section trying to downplay or defend it.
What’s the difference between a breach, a leak, and a spill? It seems like you’re the one reaching here.
https://csrc.nist.rip/glossary/term/classified_information_s...
“An air gap involves physically isolating a computer or network from other networks to prevent unauthorized access and data breaches. This method creates a literal "air gap" between the secured network and any other unsecured networks. Air gaps are an isolation method crucial for data integrity and security and can be deployed across various industries.”
https://www.fortinet.com/resources/cyberglossary/what-is-air...
What part of what he communicated is classified and what is everyone basing that on? What says it is?
A breach is when security measures are bypassed and a leak is when information is given to someone who should not have it (a spill is a leak). If he was using an insecure connection for sensitive communications, then the “breach” would be his decision to do that while accidentally including the wrong people in the chat and the “leak” would be Jeffrey Goldberg receiving the messages.
(Just answering the question. They were correct in a very literal way but it seems a bit pedantic. The overall point is moot given what we know.)
Not a fan of using Signal, but we have to be accurate about what happened.
Hegseth was confirmed Jan 24. https://apnews.com/article/pete-hegseth-defense-secretary-tr...
The attack on Yemen and the group chat was in March. https://www.theatlantic.com/politics/archive/2025/03/signal-...
Its contents were undoubtedly classified.
Oh, a Sea Lion!
No, you're not trying to have a reasonable conversation. You're blatantly attempting a textbook case of sealioning. Everybody can see that. Give it up. You already lost the argument you picked long ago, and now you're just purposefully spamming and harassing people. Please stop it: you're humiliating yourself, and trying to derail this discussion on purpose.
https://en.wikipedia.org/wiki/Sealioning
>Sealioning (also sea-lioning and sea lioning) is a type of trolling or harassment that consists of pursuing people with relentless requests for evidence, often tangential or previously addressed, while maintaining a pretense of civility and sincerity ("I'm just trying to have a debate"), and feigning ignorance of the subject matter. It may take the form of "incessant, bad-faith invitations to engage in debate", and has been likened to a denial-of-service attack targeted at human beings. The term originated with a 2014 strip of the webcomic Wondermark by David Malki, which The Independent called "the most apt description of Twitter you'll ever see".
Also never heard of sealioning before but thanks
I don’t speak for them but one might guess that it’s because this is a public forum and they find the topic interesting. Why are you here?
'Secret' means disclosure will 'damage the national security'.
'Top secret' means disclosure will 'cause exceptionally grave damage to the national security'.
Political discussions about dealing with world events is probably 'top secret', especially during the deliberation stage. Operational information like 'TOT is 1pm local, 4 F18's with LGB's are inbound' is probably considered Secret until the crews return; in which case it is probably considered lower in criticality.
(* or against protocols, etc)
It doesn't matter if he happened to use something that has a solid security model. The problem isn't Signal, it's that he ignored all the rules.
And it does have an impact, as we see in other news, because one failure mode of Signal is that it's super easy to add the wrong people to a group. Which has actually happened. Twice (at least.)
Why didn’t some automated system say “installation of unsecured lines in this building is not possible” or similar
To be course : I didn’t think something so obviously wrong would have been allowed and enabled by several people who made this possible - removing absolutely no accountability from the person who asked for this to happen
Pretty "presumptuous" of you and Hegseth, to try to shift the blame from the Secretary of Defense in the leadership position to someone else.
What about the way Hegseth asked someone at the Pentagon to set up and pay for his own personal makeup studio?
Even though Trump slathers on buckets of orange makeup himself, and Vance wears enough voluptuous smokey eyeliner to give the most progressive Pope a heart attack, Hegseth is breaking the military rules about wearing makeup himself, when the only makeup he deserves to wear is CLOWN MAKEUP.
Excerpts from Army Regulation 670–1: Wear and Appearance of Army Uniforms and Insignia. Headquarters, Department of the Army, Washington, DC:
https://aele.org/law/2005FPAPR/ar-670-1.pdf
>b. Cosmetics.
>(1) General. As with hairstyles, the requirement for standards regarding cosmetics is necessary to maintain uniformity and to avoid an extreme or unmilitary appearance. Males are prohibited from wearing cosmetics, to include nail polish. Females are authorized to wear cosmetics with all uniforms, provided they are applied conservatively and in good taste and complement the uniform. Leaders at all levels must exercise good judgment in the enforcement of this policy.
U.S. Army: According to Army Regulation 670-1, male soldiers are not authorized to wear cosmetics unless medically necessary. The regulation specifies that "males may not wear cosmetics (makeup or perfume) of any kind" while in uniform. This policy is designed to ensure a consistent and professional military image.
U.S. Navy: The U.S. Navy's grooming standards emphasize a neat and professional appearance. While the regulations do not explicitly mention makeup for male sailors, they state that personal appearance should be free of distractions and that the use of cosmetics should not detract from a professional military image. This implies that makeup is generally not permitted for male service members.
U.S. Air Force and Space Force: The Air Force and Space Force have updated their grooming policies to allow more flexibility. However, these updates primarily pertain to female service members. Male airmen are still prohibited from wearing makeup while in uniform. The policies focus on maintaining a conservative and professional appearance.
U.S. Marine Corps: The Marine Corps maintains strict grooming standards, prohibiting male Marines from wearing makeup. The regulations emphasize that personal appearance must reflect the highest level of military image and professionalism.
I am also not suggesting we hold an IT person accountable-
I am only saying there should be rules/systems in place so that if someone else asks for something obviously wrong like this again, there’s a clear stop gap to say “that’s not possible”
Maybe there already is one (several) - if so, then of course the chain of accountability continues to ensnare…
It's a crazy world when the person in charge of the US military is more paranoid about their own government than random people they don't even know.
If you go back far enough in the Twitter archives, you can see where Jack Dorsey basically tells everyone to switch to Signal to communicate with him. Was that the point when they all started colluding on Signal?
Signal has countermeasures for this but no one knows how to use them - it's very much a trust on first use system.
Fine for regular people, not at all fine when you're target number one for every foreign intelligence service on the planet.
Deliberately circumventing security and policy protocols is a bad thing in itself.
https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-...
https://spyscape.com/article/webex-espionage-kremlin-leaks-g...
“A threat actor compromised a mobile app that Ukrainian artillery units used to assist with targeting. The compromise of the app is believed to have allowed the threat actor to monitor the movements of Ukrainian units in order to facilitate military targeting by Russian-backed rebels in eastern Ukraine”
More details https://www.theregister.com/2016/12/22/android_malware_track...
My understanding is that Signal is pretty common in DC, and that private email servers aren't exclusively a Hillary Clinton special.
Wouldn't others have to be similarly dodging network security protocol for their own non-secure communication tools of choice?
I'm not asking because what Hegseth did is excusable, the first offence likely would have led to his termination and charges if he was enlisted.
It is still interesting, though, whether this actually is an outlier or just an article pointing out one case of an individual they want to single out.
[1] https://www.hsgac.senate.gov/wp-content/uploads/imo/media/do...
[2] https://www.cbsnews.com/news/trump-team-transition-agreement...
It would be mighty silly of them NOT to take precautions against their efforts being undermined. Of course this effort of theirs will face attempts to undermine it: it's an entirely hostile effort on every level, obviously in service of a hostile foreign power.
Why would they trust they won't be resisted? Not everybody is foolish.
(Maybe the military likes being disconnected from politics, but that's not the setup that political philosophers recommend to preserve democracy.)
If the DOD managed dedicated phones with no apps except Signal, that might be better than whatever they do between SCIFs.
It is much much much more than that.
Maybe if the DoD forked signal, added a way for signal to piggyback off of an existing trust system, then sure.
But I would bet a lot of money that the folks in this signal chat never did the out of band verification.
If you do not do the verification, you’re not in fact e2ee.
There’s a lot wrong with that for discussing classified information but for normal people it’s fine because in most cases you’re going to notice when your friend doesn’t respond or shows no sign of awareness of your past conversations. “Literally useless” isn’t true in any scenario but it’s bad advice for anyone outside of such sensitive situations because it encourages use of apps which aren’t any better or are actually worse (WhatsApp, Telegram, Facebook, etc.).
When someone says e2ee in this context the two “ends” clearly matter here.
Trusting signal, without the out of band verification, does make its primary property useless yes. And for classified information that’s actually dangerous.
The reason I use strong language here is that your comment clearly demonstrates the powers of marketing. People think just because they’re using signal now, everything is a-ok.
Signal always provides E2EE and that is always useful because it reduces the problem to worrying about the other end of the conversation, not all of the intermediaries. That doesn’t mean that you can blindly trust the other end, but that’s always true to varying extent - just because they’re using Signal doesn’t mean that their device hasn’t been compromised or that they are not forwarding messages or blabbing about something you expected to be secret. Signal doesn’t promise anything other than that your messages are secure between you and the other party.
That’s the point to focus on rather than trying to redefine end-to-end encryption. It’s why you want to talk about security in the context of a threat model: Signal is designed for normal people, not high-level government officials working with classified information, where they have entire professions because the problem is fundamentally harder and mistakes can have significant consequences.
So no, forking the client would be necessary.
Trump is the Milli Vanilli of negotiations. "Russia not taking over Ukraine is a concession". He really said it. What a stupid fucking retard.
And no we don't call these a "dirty" line that's something someone made up for the purposes of the article. We call it "unattrib" and it's quite common, serving many useful legitimate purposes.
One thing that I find surprising about the Hegseth case is that most SecDef do not use the computer in their office at all. A couple recent ones still don't even have a computer in there. Normally staff handle 100% of communication and briefing outside of phone calls and video calls. He's clearly still adjusting to the reality of operating within the _confines_ of DoD headquarters.
Also the article's mention of using Wi-fi in the back of his office doesn't make sense to me, there isn't any Wi-fi available in the suite or anywhere nearby.
Great perspective and I thought your comment makes sense.
Where did you find the details on documentation and approval? Would you mind sharing this information?
Is this a euphemism for “VPN” or is AP going to elaborate what they mean by this “industry standard”?
(I’m not able to find the phrase “industry standard”. Where does the article use that?)
Tepix•2h ago
Here's a quote by Mitch McConnell (R-Ky), who voted against his nomination:
"Effective management of nearly 3 million military and civilian personnel, an annual budget of nearly $1 trillion, and alliances and partnerships around the world is a daily test with staggering consequences for the security of the American people and our global interests," the senator said. "Mr. Hegseth has failed, as yet, to demonstrate that he will pass this test. But as he assumes office, the consequences of failure are as high as they have ever been."
sofixa•2h ago
What are you talking about, most EU member states have been a part of it from day 1.
Per capita and per GDP some of them have contributed more than the US.
bgwalter•1h ago
The fact that the figures are polarizing helps, because everyone focuses on the person and not on what is actually happening.
Note that this is speculation, because we do not have full information.
scyzoryk_xyz•2h ago
The EU has its own agency and it is a perfectly good thing for us to 'take over'.
And that guy is a cable show host.
bgwalter•2h ago
Yes, Germany supplied moderate amounts of weapons in the beginning, so they were involved from the start if you like. Then Nordstream happened, then the previous US administration repeatedly put pressure on Germany and other EU countries to do more:
https://www.cbsnews.com/news/ukraine-tanks-germany-pressure-...
The US policy that the EU should get more involved has been a recurring theme during the Biden administration. Now the EU is begging the US to continue. We do not know if all this is political theater or if Trump really wants to end the war. We might know by the end of this year.
mannykannot•1h ago
The utterly confused picture of what the president is thinking is itself a considerable problem. Political theater would be unconscionable, yet that is mostly what we get.
scyzoryk_xyz•26m ago
We expended much energy internally consumed by internal debates and arguments about who is supplying what, how much, through which channel. As EU member states we're not always aligned and we are different cultures speaking different languages. This has been used against us in the information warfare layer.
I really don't believe you can simplify the entire EU and say we're begging. There are certain capacities that we can't replace, and for decades member states prioritized dismantling our military industrial complex (in perfectly good faith!). Winding up heavy military industrial supply chains can't be an overnight process. And yeah, I believe you're absolutely correct - a lot of this is political theater.
My own personal view: the war won't be over anytime soon. The other side has gone all in on it. Even if they were to slam the brakes it would take years to reduce that momentum. They've had their own internal wars and purges fueling this thing and whatever they do, they would need to have a solid explanation. It's basically a sacred crusade to them.
Now, this might be controversial, but my personal belief is that on some level, we too prefer that the war grinds on. Only as long as it does not escalate into nuclear. It might be a cynical belief, but at this point it's the Ukrainians who are going to have years of real-life warfare experience and the EU wants access to this to learn from.
Anyways, there's a fucking TV host running the US DoD. These aren't serious people. Trump doesn't have nuanced ideas to read into on any of this - he wants to end the war as much as he wants to eat cheeseburgers and have crowds cheer for him. Maybe he'll get that headline, maybe he won't.
That's my two euro-cents ;)
DonHopkins•2h ago
Only if you don't have a leg to stand on or any evidence for your claims. But that doesn't stop most people, the ones who claim they don't want to discuss politics only after trying themselves and failing. They just don't like other people to disagree with them and prove them wrong with tiresome facts and troubling proof. It seemed so easy to get away with on Fox News.
Putin dragged the war into Ukraine and will drag it into Europe next.
bgwalter•1h ago
I'm not sure why you mention Fox News, which does not raise the points that were made in the deleted comment at all.
crispyambulance•2h ago
If Hegseth gets cut-out, someone equally ridiculous will be chosen to fill that role.
breppp•2h ago
Governments are simply run the same way businesses are now run