Signal グループチャット内容の漏洩と NSA

朝起きてトランプ政権に驚かされる事はよくあるけれど、今朝のこれは凄いな。 トランプ政権の重要閣僚がイエメンのフーシ派攻撃計画をシグナルで話し合っており、グループチャットに誤ってThe Atlanticの編集長を招待していたという話。 ゴールドバーグ編集長は最初何かの罠なのか、それともいたずらかと無言で成り行きを見守っていたが、参加者の言動があまりにも「らしい」上に、ユーザーネームが「ピート・ヘグセス」の発言通りにイエメンが爆撃され始めて、重大な国家機密の漏洩に意図せず巻き込まれた事を悟ったと。　1/3 www.theatlantic.com/politics/arc...

[image or embed]

— 鯛猫 (@taineko399.bsky.social) March 25, 2025 at 7:16 AM

“Of course, I didn’t see this loser in the group. It looked like someone else. Now, whether he did it deliberately or it happened in some other technical mean, is something we’re trying to figure out,” Waltz said, without evidence, on Fox News.

“I didn’t hack into anyone’s phone,” Goldberg told ABC News Live anchor Kyra Phillips on Wednesday. “Mike Waltz invited me to Signal and then he invited me to a group. I don’t know how to say it more simply than that.”

The National Security Agency sent out an operational security special bulletin to its employees in February 2025 warning them of vulnerabilities in using the encrypted messaging application Signal, according to internal NSA documents obtained by CBS News.

[…]

The bulletin warned of Russian professional hacking groups employing phishing scams to gain access to encrypted conversations, bypassing the end-to-end encryption the application uses.

The bulletin also underscored to NSA employees that third-party messaging applications such as Signal and Whatsapp are permitted for certain “unclassified accountability/recall exercises” but not for communicating more sensitive information.

It’s common knowledge that the NSA’s mission is breaking into and eavesdropping on other countries’ networks. (During President George W. Bush’s administration, the NSA conducted warrantless taps into domestic communications as well—surveillance that several district courts ruled to be illegal before those decisions were later overturned by appeals courts. To this day, many legal experts maintain that the program violated federal privacy protections.) But the organization has a secondary, complementary responsibility: to protect US communications from others who want to spy on them. That is to say: While one part of the NSA is listening into foreign communications, another part is stopping foreigners from doing the same to Americans.

Previously, it might have preferred to keep the flaw quiet and use it to listen to adversaries. Now, if the agency does that, it risks someone else finding the same vulnerability and using it against the US government. And if it was later disclosed that the NSA could have fixed the problem and didn’t, then the results might be catastrophic for the agency.

WASHINGTON, Nov 13 (Reuters) - China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking in to an unspecified number of telecom companies, U.S. authorities said on Wednesday.

[…]

The announcement confirms the broad outlines of previous media reports, especially those in the Wall Street Journal, that Chinese hackers were feared to have opened a back door into the interception systems used by law enforcement to surveil Americans’ telecommunications.

The biggest risk of eavesdropping on a Signal conversation comes from the individual phones that the app is running on. While it’s largely unclear whether the US officials involved had downloaded the app onto personal or government-issued phones—although Witkoff suggested on X that the program was on his “personal devices"—smartphones are consumer devices, not at all suitable for classified US government conversations.

As long as smartphones are in the pocket of every government official, police officer, judge, CEO, and nuclear power plant operator—and now that they are being used for what the White House now calls calls “sensitive,” if not outright classified conversations among cabinet members—we need them to be as secure as possible. And that means no government-mandated backdoors.

Other governments, possibly including US allies, will now have much more incentive to break Signal’s security than they did in the past, and more incentive to hack US government smartphones than they did before March 24.

For just the same reason, the US government has urgent incentives to protect them.