#signalgate

Since #Trump returned to office, the #Pentagon has launched an investigation into #leaks that resulted in 3 ofcls being placed on leave [#Signalgate].

It has also required legacy media organizations, including the #NewYorkTimes, the #WashingtonPost, #CNN & #NBCNews, to vacate their Pentagon office spaces in a new *rotation system* that brought in others, including outlets generally friendly to the Trump admin such as the #NewYorkPost, #Breitbart, the #DailyCaller & #OANN.

"While the Department remains committed to transparency, the Department is equally obligated to protect CSNI (#classified #intelligence) & sensitive information - the unauthorized disclosure of which could put the lives of US Service members in danger," #Hegseth said in a memo.

[laughable coming from a guy involved in the PC Houthi group chat & also a chat that included his wife & brother both of which divulged classified military operations over a commercial app. #Signalgate]

A week after that #hack, the #CISA recommended that users "discontinue use of the product" barring any mitigating instructions about how to use the app from #Smarsh.

Jake Williams, a fmr #NationalSecurity Agency #cyber specialist, said that, even if the intercepted text messages were innocuous, the wealth of #metadata - the who & when of the #leaked conversations & chat groups - posed a #counterintelligence risk.

A #CBP spox repeated a past stmnt noting that it had disabled #TeleMessage & was investigating.

Federal contracting data shows that #State & #DHS have had contracts w/TeleMessage in recent years, as has the #CDC. A CDC spox told Reuters in an email that the agency piloted the software in 2024 to assess its potential for records management requirements "but found it did not fit our needs." The status of the other contracts wasn't clear.

Reuters could not ascertain how #TeleMessage had been used by each agency. The service - which takes versions of popular apps & allows their messages to be archived in line w/government rules - has been suspended since May 5, when it went offline "out of an abundance of caution." TeleMessage's owner, the Portland, Oregon-based digital communications firm #Smarsh, did not respond to requests for comments about the #leaked #data.

Some chats did seem to bear on the travel plans of snr govt ofcls. One #Signal group, "POTUS | ROME-VATICAN | PRESS GC," appeared to pertain to the #logistics of an event involving #Trump at the #Vatican. Another appeared to discuss US ofcls' trip to #Jordan.

Reuters reached out to all the individuals it could identify seeking comment; some confirmed their identities but most didn't respond or referred questions to their respective agencies.

One of the intercepted texts' recipients - an applicant for aid from #FEMA - confirmed to Reuters that the #leaked message was authentic; a financial services firm whose messages were similarly intercepted also confirmed their authenticity.

Based on its limited review, Reuters uncovered nothing that seemed clearly sensitive & did not uncover chats by #MikeWaltz or other cabinet ofcls.

Reuters identified >60 unique govt users of the messaging platform #TeleMessage in a cache of #leaked #data provided by Distributed Denial of Secrets, a US nonprofit whose mission is to archive #hacked & leaked documents in the public interest. The trove included material from disaster responders, #customs ofcls, several US diplomatic staffers, at least 1 #WhiteHouse staffer & members of the #SecretService.

Exclusive: Hacker who breached communications app used by #Trump aide stole data across US govt

A #hacker who breached the comms service used by fmr Trump #NationalSecurity adviser [& current UN ambassador] #MikeWaltz earlier this month intercepted messages from a broader swath of ofcls than previously reported, potentially raising the stakes of a breach that has already drawn questions about #DataSecurity in the Trump admin.

#TeleMessage #Signalgate #InfoSec #idiocracy
reuters.com/world/us/hacker-wh

Here's how #TeleMessage was hacked:

https:///archive.telemessage.com/management/heapdump

The admin panel used Spring Boot Actuator, which provides debugging features.

The /heapdump endpoint was enabled [no auth necessary], and upon request, responds with:

...a Java heap memory dump with delicious goodies inside. Passwords, messages, content, you name it.

There's no telling what the attackers did after.

wired.com/story/how-the-signal
#Signal #SignalGate @threatintel @privacy @infosec

WIRED · How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes, by Micah Lee
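
A configuration check for the exposure described in the post above, added here as an example and not part of the original post or of TeleMessage's code. It assumes Spring Boot 2.x/3.x actuator property names, and both sample configurations are constructed.

```python
import re

# Constructed sample configs (Spring Boot 2.x/3.x property names assumed).
WEAK = """\
management.endpoints.web.base-path=/management
management.endpoints.web.exposure.include=*
"""
HARDENED = """\
management.endpoints.web.base-path=/management
management.endpoints.web.exposure.include=health
management.endpoint.heapdump.enabled=false
"""

def parse_properties(text):
    """Parse key=value or key: value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def as_set(value):
    """Split a comma-separated endpoint list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def audit_heapdump(text):
    """Return findings; an empty list means heapdump is not reachable over HTTP."""
    p = parse_properties(text)
    include = as_set(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = as_set(p.get("management.endpoints.web.exposure.exclude", ""))
    default_on = p.get("management.endpoints.enabled-by-default", "true")
    enabled = p.get("management.endpoint.heapdump.enabled", default_on).lower() != "false"
    exposed = bool({"*", "heapdump"} & include) and not ({"*", "heapdump"} & exclude)
    if not (exposed and enabled):
        return []
    base = p.get("management.endpoints.web.base-path", "/actuator").rstrip("/")
    return [
        f"heapdump is served at {base}/heapdump",
        "confirm the security configuration requires authentication on this path",
    ]

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_heapdump(cfg) or "ok")
```

Properties alone do not show whether Spring Security protects the actuator paths, so a finding here means the access rules still need to be reviewed in the application's security configuration.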

What #DonaldTrump hasn't heard of:
❌ #SignalGate/ #WhiskeyLeaks I ( #HouthiPCSmallGroup)
❌ SignalGate II ( #DefenseTeamHuddle)
❌ SignalGate III ( #TMSGNL)
❌ Lesotho
❌ #TerryMoran
❌ What #JDVance just publicly said
❌ #Project2025

What #Trump has heard of:
✅ #WhiteSupremacist conspiracy theories about white South African farmers being killed en masse
✅ Immigrants eating cats and dogs in Springfield, Ohio

The ECJ #Pfizergate decision on text messages between Commission's von der Leyen and Pfizer's Bourla bears a lot of similarities to Trump cabinet's #Signalgate. Not that UvdL invited a journalist to a group chat, but that high stakes political discussions have no place over disappearing messages.