Summary
The Pentagon warned employees against using the encrypted messaging app Signal due to a potential vulnerability exploited by Russian hackers.
The warning came just before a security breach where top Trump administration officials, including the vice president and defense secretary, accidentally added a journalist to a Signal group chat discussing military strikes in Yemen.
The leak sparked outrage and criticism, though Trump downplayed it as a “glitch.”
Signal stated it was unaware of any unaddressed vulnerabilities.
Honestly a potential vulnerability in Signal sounds like bigger news to me than this administration’s war planning fuckup.
It’s not like this leak is going to cause any accountability.
The Guardian references an NPR article where they discuss the vulnerability as a phishing attack, so it doesn’t seem to be anything interesting after all.
https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability
A phishing scheme is exactly the kind of thing those idiots would fall for.
I really want to test this theory.
I think John Oliver did a segment on data brokers and found that people in the Capitol clicked on dubious links.
My experience is anecdotal, but I personally believe it’s true.
In every job I’ve ever worked somebody in the upper echelons of the company always thought rules (like regarding security) don’t and shouldn’t apply to them. Because they are the Big Boss, don’t you know? Why should they have to follow the same rules as the peons they lord over? How are they supposed to feel a separation between those they control and themselves without being able to ignore rules “for the filthy plebes.”
When I was working in television 20 years ago our station manager took out half our systems for weeks by clicking on suspicious spam emails because he was a fucking idiot. It’s been the same throughline my entire adult life.
I really do think it boils down to that simplicity. It’s like Trump refusing to use a government issued phone during his first term. He’s in charge so it couldn’t possibly apply to him. “I’m the decider” as George W. Bush famously said. This attitude is rampant among the upper echelons of US society, who genuinely think the rules couldn’t possibly apply to them because they (think they) are so important.
In other words, they constantly show their asses because they think they’re above it all and too fucking insipidly stupid to understand why that’s not actually the case. They just got the big, important title of their job, and their eyes glaze over and everything else becomes meaningless. In other words, they truly believe rules are for little people, not for the “people who make the rules.”
The reason Trump and his ilk are in charge of US society is because these kinds of idiots have been constantly elevated and constantly treated like the fucking babies they are, coddled and treated with kid gloves, every single fucking time it happens (at least in the US). There is never serious comeuppance for their abject stupidity, they just keep failing upward.
The reasons why there are so many complete idiots at the top of the chain is another matter entirely, although I absolutely have my own theories about that as well, which once again, are completely anecdotal.
The Peter Principle: they were elevated and promoted to the level of their incompetence.
Except with Trump, being promoted isn’t doing us any favors.
I personally don’t think it’s the Peter Principle at all.
When I was in college in the early 2000’s I had a friend at OSU who was struggling to pay his tuition to finish his Masters degree. To make ends meet, he took up an illicit under-the-table job writing original research papers for wealthy students at more prestigious universities. This way, the wealthy student could never be accused of plagiarism, because it was a wholly original research paper. They got the grade, my friend got paid, and he eventually graduated. He and I often discussed the implications of this job, and he often spoke of his deep misgivings about it and what it meant for society.
In our agreed opinion, it meant for society that since there was an entire underground network of writing original research for wealthy students that it meant that many wealthy students at universities like Harvard and Yale had barely any relevant knowledge of their own fields, because they had spent their college years paying for someone else to do the research. Especially at the Masters level and up, where testing becomes basically unimportant and research and writing becomes the centerpiece of the education.
I am of the opinion that this underground system had existed earlier than my friend’s introduction to it, and the internet had simply made it explode in popularity and ease of access for both the poor students and the wealthy alike. This has led to a society where the poor but masterfully intelligent and educated get their degrees, but from what are less illustrious universities and the wealthy have essentially faked all their credentials to get the best jobs.
That’s not the Peter Principle at all, that’s just buying your way in and pretending you know what the fuck you’re doing. In my personal opinion, this is much more rampant than the Peter Principle, because I don’t actually see a lot of people being promoted endlessly, especially not the people who were writing the actual papers. Those people seem to be still struggling their way through life as adjunct professors.
Goldberg mentioned that is what he initially thought it was.
ah, yes. typical EBKAC / PEBKAC issue.
If you (well, not specifically you 😁) are old enough, you might remember “I love you” virus.
It worked extremely well on non technical people.
All one needs is something to boost (or question) the ego of all those idiots and the game is over.
I taught my folks through repetition and annoyance to always verify anything that claims to be me or about me, to never click a link in an email but to type in the site, or call the number on the back of a card, etc.
Thank god because they got one of those “your child has been in a horrible accident and is in jail and needs money” calls. They were initially almost fooled but they remembered what I told them. They called me. I was fine.
I also gave them a phrase to use to verify me.
Still, anytime my mom is unsure about something on her phone or computer or whatever she would call me.
Basic security is pretty basic.
Zero trust. Always verify.
So the vulnerability is that people at the Pentagon fall for phishing scams. How is this a Signal vulnerability? Seems like the memo is dumbed down to scare Pentagon employees away from Signal.
It’s not a Signal problem, this is just bad journalism.
Signal also did an update one month ago to help mitigate phishing https://www.wired.com/story/russia-signal-qr-code-phishing-attack/
To be clear though, phishing was Not the problem in this case. Incompetence was the problem.
It depends on the context. If the Pentagon has a chat app that only has authorized people with verified identities and using official devices in it, then using Signal introduces an attack vector that was not there before.
I mean, there are potential ways for Signal to minimize the ability for phishing but that would impede on functions which may be more valuable to users than shrinking the risk of phishing by 10%.
Lol, so WhatsApp and Telegram have the same, by their definition, vulnerability
lol why would Russia need a software exploit to get info from the pentagon?
It is not necessary to use security vulnerabilities for Russia to access all the data they’d like.
Well this administration says Russia doesn’t pose a cybersecurity threat at all
Well a predator is just a guest if you give him consent
… but then : how should we call the “Security Vulnerability in Chief” 🤣 ?
People running the government
I wonder if the IT person that had to brief them on why they shouldn’t use Signal, is laughing or facepalming right now.
From my experience, it’s probably both.
Why would they warn about it when Gabbard says that it is pre-installed on federal cell phones? Is their Director of Cyber not qualified? Do they need to get Barron Trump in there?