Mike Waltz claims ‘full responsibility’ for Signal chat group leaked to journalist

[TangoNoCash]

If you are claiming that Signal has been exploited by a MiM attack in the message flow, do please support that.

Sure. Have them hire me and give me admin access and I’ll see what I can put together. I’d also like to point out that one of the message recipients was in Russia. Those messages while encrypted are open for grabs to Moscow. Can they decrypt them? It is possible and there are potential ways hence why this isn’t allowed by policy.

There's more to consider in that than just your declaration of it being so.


I did skim it. You are claiming the contrary. Which part of the policy did you want to highlight?


The date wasn't specified.
Targets were not specified.
Locations were not specified.
Routes were not specified.
Specific units were not specified.

So you think it would have been just fine if they put that on Twitter before or during the attack. No. I think you have your answer.

With out those, you really don't have much an 'attack plan' or 'war plan', or at least you have a next to useless one, which is next to useless for anyone who would try and defend against this plan's execution - no specifics.

Same argument to the previous silliness.

It wasn't 'on public network', it was in a private strongly encrypted chat app with a mistaken invitee, apparently.

Signal is a public network. I don’t care that you don’t understand that.

Given the above, it appears that far more is being made of this than is really there, and I suspect that it is being made more of is strictly political.

I agree youre being political. We both know exactly how you’d react if this was done by Biden. Do you have anything new to add? At this point you’re just circling the drain with desperate arguments that don’t make any sense.

 

[Nickyjo]

Taking responsibility is a good thing.

For the life of me, I cannot understand why Trump administration figures couldn’t simply have said, “Oops! We’ll investigate.” Why the need to bash the journalist (not offering evidence of his misconduct) and the award-winning magazine? I doubt discussion of this would still be going on if we were waiting a report or hearings.

 

[TangoNoCash]

For the life of me, I cannot understand why Trump administration figures couldn’t simply have said, “Oops! We’ll investigate.” Why the need to bash the journalist (not offering evidence of his misconduct) and the award-winning magazine? I doubt discussion of this would still be going on if we were waiting a report or hearings.

You have to question people whose first response is he’s a lying dishonest journalist making all this up. They have to know we are going to find out and those chickens will come home to roost. Now you’ve made yourself a lying imbecile to anyone that isn’t a Trump supporter.

 

[eohrnberger]

Sure. Have them hire me and give me admin access and I’ll see what I can put together.

So no support or CVE specific to a MiM attack on Signal messages. Gotcha.

I’d also like to point out that one of the message recipients was in Russia.

Oh really? Did see that. Do point point to / cite that. I'm interested.

Those messages while encrypted are open for grabs to Moscow. Can they decrypt them? It is possible and there are potential ways hence

why this isn’t allowed by policy.

I've post multiple times the screen grab of the NSA's bulletin which states otherwise.

So you think it would have been just fine if they put that on Twitter before or during the attack. No. I think you have your answer.

That's not what I posted. But you seem to be making shit up as we go along so . . .

Same argument to the previous silliness.

Ignoring the point there. OK.

Signal is a public network. I don’t care that you don’t understand that.

Encrypted Signal messages are on the public network, the Internet, yes.
Further, Signal is a public access app..
But, no, you can't consider the Signal message traffic as 'public' being heavily encrypted, such as in being transmitted in clear text or something equally stupid.

I agree youre being political. We both know exactly how you’d react if this was done by Biden. Do you have anything new to add?

My point behind all this from the very start is that the Dems are so desperate to get their party's collapse off the front page that they are over hyping this, really hard.
This hasn't changed once least bit.

At this point you’re just circling the drain with desperate arguments that don’t make any sense.

I can't help it if you have incorrect and inaccurate impressions. Oh well.

 

[Emlee]

From Jennifer Griffin:

 

[Emlee]

Continued from Jennifer Griffin in post above.

 

[TangoNoCash]

So no support or CVE specific to a MiM attack on Signal messages. Gotcha.

So you have no clue how any of this works or how it could be possibly comprised. Gotcha.

Oh really? Did see that. Do point point to / cite that. I'm interested.




I've post multiple times the screen grab of the NSA's bulletin which states otherwise.

Did you post the full version or the cherry picked one that doesn't include the part that it's not approved for non public information?

That's not what I posted. But you seem to be making shit up as we go along so . . .



Ignoring the point there. OK.


Encrypted Signal messages are on the public network, the Internet, yes.
Further, Signal is a public access app..
But, no, you can't consider the Signal message traffic as 'public' being heavily encrypted, such as in being transmitted in clear text or something equally stupid.

It's public network that anyone can access and use. Encryption is not magic. Improvements in quantum computing which state actors would have access to are becoming increasingly available. That is of course if the bad actors haven't already found a way to comprise one of the devices involved in the call outside of a direct attack on Signal or it's employees. It a bad idea. The proof of that is in the line you consistently forget that say's to not use signal for non public information. Government networks and SCIF's need to be used for these type of exchanges. How this is even debatable is head scratching for sure.

My point behind all this from the very start is that the Dems are so desperate to get their party's collapse off the front page that they are over hyping this, really hard.
This hasn't changed once least bit.


I can't help it if you have incorrect and inaccurate impressions. Oh well.

Obvious partisan bias thing is obvious. I see you.

 

[CaughtInThe]

 

[Metric Mouse]

For the life of me, I cannot understand why Trump administration figures couldn’t simply have said, “Oops! We’ll investigate.” Why the need to bash the journalist (not offering evidence of his misconduct) and the award-winning magazine? I doubt discussion of this would still be going on if we were waiting a report or hearings.

Because Trump is thin skinned and defensive.

 

[Allan]

 

[eohrnberger]

So you have no clue how any of this works or how it could be possibly comprised. Gotcha.

You are making assertions and not supporting them.

Did you post the full version or the cherry picked one that doesn't include the part that it's not approved for non public information?

A link to the scribed document, so yes, the full version which was cited previously in this thread.

It's public network that anyone can access and use. Encryption is not magic.

I never asserted it was 'magic'. (You keep trying to put words in my mouth, and it's not going well for you on that count)

What encryption does is put up a barrier to decrypting the encrypted message into clear text sufficiently high / difficult enough to either be prohibitive, or to take so long that the value of the message becomes nothing.

Improvements in quantum computing which state actors would have access to are becoming increasingly available.

Hmm. While I was aware that quantum computing was still in the labs, I haven't heard that they've made it reliable enough and work well enough for decrypting encrypted messages.

The point that you are raising, that quantum computing i going to significantly change the encryption landscape, is certainly very true.

That is of course if the bad actors haven't already found a way to comprise one of the devices involved in the call outside of a direct attack on Signal or it's employees.

This was what the NSA's bulletin on Signal was all about, the social engineering attack on a user.

It a bad idea. The proof of that is in the line you consistently forget that say's to not use signal for non public information.

You still haven't pointed that out in the NSA bulletin on Signal, nor quoted a different source to support this. I eagerly await.

Government networks and SCIF's need to be used for these type of exchanges.

When the communications contain all the specific, most certainly, but in this case, they really didn't did they?

How this is even debatable is head scratching for sure.


Obvious partisan bias thing is obvious. I see you.

 

[iguanaman]

You are ignoring something very important that Waltz said...that the contact in the Signal app had one person's name and, instead of their number, it had that reporter's number. Yes, Waltz is doing the right thing and taking full responsibility for this happening, but he knows HE didn't do that and you can be damned sure he's going to find out who did.

I would hate to be that person.

Who is taking responsibility for all our top intelligence people engaging in revealing national security secrets on an unsecured chat line? Waltz is the good guy here that revealed the crime to the world. He is not a scapegoat he is a hero.

 

[TangoNoCash]

You are making assertions and not supporting them.

That's because they are security and exploit concepts. You're asking for a specific exploit or vector. I'm only mentioning possible vectors and why policy should dictate that Signal should not be used to exchange information like this. The information I saw in those texts belongs in a SCIFF. End of that story.

A link to the scribed document, so yes, the full version which was cited previously in this thread.

So you saw it was specifically disallowed for non public information. Awesome.

I never asserted it was 'magic'. (You keep trying to put words in my mouth, and it's not going well for you on that count)

Fair enough. In the end it's just math. Math is solvable. Eventually.

What encryption does is put up a barrier to decrypting the encrypted message into clear text sufficiently high / difficult enough to either be prohibitive, or to take so long that the value of the message becomes nothing.

True and what used to take years can now take minutes.

Hmm. While I was aware that quantum computing was still in the labs, I haven't heard that they've made it reliable enough and work well enough for decrypting encrypted messages.

You are kidding yourself if you don't think governments aren't all over this. ALL of them. We are discussing government level communications. Breaking algorithms is quantum biggest use at the moment.

The point that you are raising, that quantum computing i going to significantly change the encryption landscape, is certainly very true.


This was what the NSA's bulletin on Signal was all about, the social engineering attack on a user.

That exists too. Also the possibly of a compromised employee. It's all baked in there. Also why it's disallowed.

You still haven't pointed that out in the NSA bulletin on Signal, nor quoted a different source to support this. I eagerly await.

Not sure what you are waiting for. It clearly says don't use signal for non public information. It's right there.

When the communications contain all the specific, most certainly, but in this case, they really didn't did they?

Point stands. You wouldn't post that on Twitter before the attack would you? Why not? There's your answer right there.

 

[Luce]

When the communications contain all the specific, most certainly, but in this case, they really didn't did they?

Time of launch, time on target, payload, aircraft used, region of use.

Do you not feel that is enough?

 

[eohrnberger]

That's because they are security and exploit concepts. You're asking for a specific exploit or vector.

Yes I am, as I'm skeptical if such a exploits exist in Signal. You are applying concepts without support that they are applicable.

I'm only mentioning possible vectors and why policy should dictate that Signal should not be used to exchange information like this.

The information I saw in those texts belongs in a SCIFF. End of that story.

This assertion is based on what expertise in government classification of information?

So you saw it was specifically disallowed for non public information. Awesome.

I don't recall that being in the cited NSA buliten, and you won't specifically point it out to support your assertion.

Fair enough. In the end it's just math. Math is solvable. Eventually.


True and what used to take years can now take minutes.

Neither point I contest.

You are kidding yourself if you don't think governments aren't all over this. ALL of them. We are discussing government level communications. Breaking algorithms is quantum biggest use at the moment.

Something that's not even made it out of the labs. Hmm.
Do you suppose that there's a black budget line item for Google to build a quantum computer for the NSA?
I'll grant you that maybe there is.

That exists too. Also the possibly of a compromised employee. It's all baked in there. Also why it's disallowed.

The disallowed still contested until you cite and point to what it is you are exactly referring to.

Not sure what you are waiting for. It clearly says don't use signal for non public information. It's right there.

So you keep asserting, but not presenting.
I've cited the screen grab which seems to say the opposite.

Point stands. You wouldn't post that on Twitter before the attack would you? Why not? There's your answer right there.

On Twitter? Oh hell no.
I seem to recall that there are a number of exploits against Twitter which have been made public.
But then, Signal isn't Twitter, is it?
So what is your point standing on again, exactly?

 

[eohrnberger]

Time of launch, time on target, payload, aircraft used, region of use.

Do you not feel that is enough?

What I've seen from the communications didn't contain all of that.
If you can cite where you are getting this from, I'll read it and consider it.

 

[Luce]

What I've seen from the communications didn't contain all of that.
If you can cite where you are getting this from, I'll read it and consider it.

I have seen the texts and all of that information was present.

 

[Luce]

But then, Signal isn't Twitter, is it?
So what is your point standing on again, exactly?

Signal is not an authorized medium for classified conversations.

 

[eohrnberger]

I have seen the texts and all of that information was present.

This not the citation to support your assertion which was requested.

Signal is not an authorized medium for classified conversations.

Again, cite and highlight support of this.
From the previously cited NSA bulletin, clipped a screen grab of the specific statement, it appears to indicate that Signal is permitted by existing policy.
If you have other than this, do please cite and highlight it. I'll read it.

 

[Luce]

This not the citation to support your assertion which was requested.

Here Are the Attack Plans That Trump’s Advisers Shared on Signal

The administration has downplayed the importance of the text messages inadvertently sent to The Atlantic’s editor in chief.

www.theatlantic.com

Non-paywall link

Signal war plans chat: Read leaked texts in full

The United States launched a fresh wave of attacks targeting the Houthi group in Yemen beginning on March 15.

www.newsweek.com

Again, cite and highlight support of this.
From the previously cited NSA bulletin, clipped a screen grab of the specific statement, it appears to indicate that Signal is permitted by existing policy.
If you have other than this, do please cite and highlight it. I'll read it.

Pentagon issued Signal warning before Trump war group chat leak: Report

The Pentagon warned March 18 how Russian hackers use Signal, a week before Goldberg said he was added to a Trump admin group chat.

www.newsweek.com

 

[eohrnberger]

Thank you. As I promised, I've read them.

Here Are the Attack Plans That Trump’s Advisers Shared on Signal

The administration has downplayed the importance of the text messages inadvertently sent to The Atlantic’s editor in chief.

www.theatlantic.com

Yup. That's pay walled.

Non-paywall link

Signal war plans chat: Read leaked texts in full

The United States launched a fresh wave of attacks targeting the Houthi group in Yemen beginning on March 15.

www.newsweek.com

This article doesn't list the messages and points back to The Atlantic's article.
So we are forced assume the writer's descriptions of the messages are accurate?
I'm skeptical that making this assumption is prudent, given the number of anti-Trump hoaxes MS journalists have inflicted, as established by their track record.
It is quite likely that the journalist in question is over hyping what the messages contained, tooting his own horn.

Does this particular journalist have a background in, or experience or expertise with, government information classification?

Pentagon issued Signal warning before Trump war group chat leak: Report

The Pentagon warned March 18 how Russian hackers use Signal, a week before Goldberg said he was added to a Trump admin group chat.

www.newsweek.com

This again, references the social engineering aspect, not a technical vulnerability in the application.

The email warns that these hacking groups embed "malicious QR codes in phishing pages" or conceal them in group invite links. After gaining access via the codes, the groups add their own devices as a linked device and can then view every message sent by the user in real time and bypass the "end-to-end encryption."​

From another thread on a related topic, but specific to this discussion:

If it's possible that the reporter was on the call because his number was inadvertently added through a computer glitch, it would seem reasonable to have computer pros look into it. Don't you agree?

Agreed on the computer glitch, but I'm still more leaning to a fat finger keyboarding error, but that too, computer people are good at finding out.
That said, I'm still not convinced that this is proper tasking for Musk and DOGE.

IMHO fat fingering on the keyboard even more likely than the result of social engineering one of the chat members.

 

[Luce]

This article doesn't list the messages and points back to The Atlantic's article.

Scroll further down.

Starts with

 

[eohrnberger]

Scroll further down.

Starts with

View attachment 67562530

OK. The Newsweek article which I'm looking at does not have that on the page.
But who knows what web page filtering the the IT boys in corporate are doing.
I'll have to look on my home computer to see if it display that, before I comment on that any further.

 

[Luce]

OK. The Newsweek article which I'm looking at does not have that on the page.
But who knows what web page filtering the the IT boys in corporate are doing.
I'll have to look on my home computer to see if it display that, before I comment on that any further.

Fair enough.

 

[ElChupacabra]

For the life of me, I cannot understand why Trump administration figures couldn’t simply have said, “Oops! We’ll investigate.” Why the need to bash the journalist (not offering evidence of his misconduct) and the award-winning magazine? I doubt discussion of this would still be going on if we were waiting a report or hearings.

Sure you can. Once you remember these are petty, vengeful people it all makes sense.