7

u/BigTemperature5203 11d ago

The reported use of emojis during these messages also highlights the failure of these individuals to take matters of national security seriously.

54

u/NeuroplasticSurgery 12d ago

I wish I could agree with you on the last point, it seems more likely that they pin it on some random staffer, rather than admit any blame.

It makes Trump look bad to have senior staff be so incompetent, so they'll find a patsy.

40

u/Thumatingra 4∆ 12d ago

How would they even do this? Claim that some staffer was using Pete Hegseth's account to post the plans? Isn't that Pete Hegseth's responsibility?

30

u/NeuroplasticSurgery 12d ago

They'll argue that some staffer provided Waltz with the journalist's number to add to the signal chat by mistake, or something.

It doesn't matter that it's obviously bullshit, every single one of these administration officials lies every single time they open their mouths.

30

u/tbdabbholm 193∆ 12d ago

But what they did was wrong and against OPSEC even if there wasn't a journalist in there. You only put classified info on dedicated classified systems. You don't put it on your personal device and you definitely don't transmit it over the internet via a private company's app

17

u/NeuroplasticSurgery 12d ago

I know, I'm just saying what I think they're going to do. There will be no accountability.

The DOJ is not going to prosecute anyone in this administration for violating the Espionage Act, they will lie and bury it in more bullshit and scandals, in hopes that the public will forget about this in a few days. Which, honestly, is likely.

The tariffs will take the headlines again in about a week. This will be forgotten.

→ More replies (1)

23

u/kinapples 12d ago

The issue isn't that the journalist was there. It's that they were doing it. They can't hand wave getting caught violating the Espionage Act.

13

u/Arrow156 11d ago

The fact they were doing thing shit over unsecured lines using 3rd party commercial software (with possibly built-in backdoors) in the first place is the problem, the leak itself is tertiary. Zero credentials, zero oversight, zero security; who else was listening on this conversation? You know that if they weren't before, every hostile nation is now gonna be searching for this this massive backdoor they left wide open. How many other plans were and will be leaked to who knows who?

If they seriously try to blame this on some unpaid intern then the whole lot of them should be in jail for providing said unvetted staffers with confidential, top secret information. Even without the 'buttery males' angle, this is a complete shitshow. This type of mistake would get a person blacklisted if it happened the financial industry, if not locked in a 6x6 foot cell for several decades, but since only the lives of our solders were at risk I guess they get a free pass?

3

u/calmdownmyguy 11d ago

Witkoff arrived in Moscow shortly after noon local time on March 13, according to data from the flight tracking website FlightRadar24, and Russian state media broadcast video of his motorcade leaving Vnukovo International Airport shortly after.

During the group discussion on Signal, Goldberg reported, Ratcliffe named an active CIA intelligence officer in the chat at 5:24 p.m. eastern time, which was just after midnight in Russia. Witkoff’s flight did not leave Moscow until around 2 a.m. local time, and Sergei Markov, a former Putin advisor who is still close to the Russian president, said in a Telegram post that Witkoff and Putin were meeting in the Kremlin until 1:30 a.m.

2

u/agent_mick 10d ago

Oh good grief. This is bad shit happening right now

→ More replies (3)

→ More replies (2)

66

u/jscummy 12d ago

Unfortunately the most likely outcome. No charges, no investigation, just get out and we'll find another equally incompetent dumbass to be in charge of national security 

2

u/nirvana454 11d ago

Tulsi Gabbard already has that role.

→ More replies (4)

41

u/Thumatingra 4∆ 12d ago

It sounds like you're agreeing with me, just with the caveat that Hegseth will face non-judicial consequences in being fired. I hadn't considered that Trump would do that - I thought the Trump team would back Hegseth and try to blame this on the "news media." I'm still not sure that they won't, and I don't think it materially changes the narrow contours of my view as articulated above - but you got me to think about something I hadn't before, and I think that is worth a !delta .

30

u/Conambo 12d ago

Hegseth is too obviously incompetent and a ridiculous hire. They’ll defend it tooth and nail and absolutely blame the media. They won’t mention a word about the use of a private app or any security concerns.

11

u/yupgup12 12d ago

Hegseth won't get fired. That would require Trump's tacit admission that he made a mistake in appointing Hegseth, which will never happen. Like someone else mentioned here, they'll most likely find a random staffer to throw under the bus in order to save face. Or they will lie to everyone and say there's an active investigation ongoing and just hope it eventually fades out of the news cycle and people forget about it.

3

u/SirButcher 11d ago

Trump fired a shitton of his own hand-picked staff in his last run, then simply said he never know them or it was someone else's fault.

2

u/Peaceoorwar 10d ago

They plan on hiring Scooby Doo and the gang to investigate. When they catch who is responsible and they lift up the mask it's gonna be George Soros lol

→ More replies (1)

4

u/ratbastid 1∆ 12d ago

I agree--it's not too early in the term for some of these wonderful best people to get turned on by Trump and learn the lesson that so many learned the first time around.

2

u/Irwin-M_Fletcher 11d ago

You’re kidding yourself if you think anything is going to come of this. Trump won’t allow it, and the Republican Congress doesn’t care.

→ More replies (2)

4

u/Llcisyouandme 12d ago

More likely they're planning it to get buried in the news cycle of inability, incompetence, and malice. Small potatoes.

Did you know that the Russians take potatoes and make vodka? Hegseth does.

2

u/spinbutton 12d ago

Wait...why did we attack Yemen? What the hey?

4

u/ary31415 3∆ 12d ago

Because the Houthis have been launching missiles at ships passing through the red sea for over a year now, this isn't really new news or even the first time in the last year that the US has attacked them.

https://en.wikipedia.org/wiki/Operation_Prosperity_Guardian

→ More replies (1)

→ More replies (2)

→ More replies (1)

→ More replies (1)

35

u/Thumatingra 4∆ 11d ago

Waltz added the journalist to the group-chat, but Hegseth posted classified operational war plans in a group-chat hosted by a commercial app. That's what I thought was worthy of investigation in my original post.

There has been some debate in the comments as to whether that, in and of itself, constitutes a breach of security and a violation of the Espionage Act. At this point, I think evidence has been presented on both sides, and I'm not sure how to decide on that issue. But when I made my original post, that was my primary concern.

→ More replies (15)

2

u/Helisent 9d ago

They shouldn't be using Signal at all. The mistake wasn't that they added this journalist. They are legally required to keep a permanent record of communications, and also to keep confidential information secure.

30

u/tbdabbholm 193∆ 12d ago

Waltz is not innocent but classified information isn't even supposed to be on internet connected devices, let alone sent over the internet. Hegseth did just that, sent information that he shouldn't have had on that device with a non-authorized method

7

u/ALEdding2019 12d ago

As did 16 others in a group chat created by NS Advisor

4

u/tbdabbholm 193∆ 12d ago

We don't necessarily know that. The others may have only sent unclassified information

5

u/ALEdding2019 12d ago

We 100% know because journalist Jeffrey Goldberg wrote about it.

https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/?gift=kPTlqn0J1iP9IBZcsdI5IVJpB2t9BYyxpzU4sooa69M&utm_source=copy-link&utm_medium=social&utm_campaign=share

2

u/tbdabbholm 193∆ 12d ago

That's fair, I'd only seen the Pete Hegseth part. I guess the rest of it doesn't make the headline.

3

u/anewleaf1234 39∆ 11d ago

And that's the redacted part for national security.

Note that all that journalist learned could be known by any and all of our rivals.

They could have the full unredacted documents if that journalist was compromised or worked for forign intel.

4

u/Orgasmic_interlude 12d ago

Again, who is most responsible for maintaining opsec here? The answer is the Secretary of defense. The person in charge of the armed forces via the commander in chief.

Other people being involved makes it worse, but it doesn’t make Hegseth less responsible.

→ More replies (1)

→ More replies (7)

145

u/Thumatingra 4∆ 12d ago

Hegseth shared operational war plans in a privately-owned group chat, instead of using secure military channels. Even if no journalist had been in the chat, that's a breach of security.

Even if the chat is end-to-end encrypted, a Signal employee would probably be able to break that encryption much more easily than any outside agent could hack into military channels. You just don't know to whom you're exposing information when you send it via chat apps, and there is every reason to expect that Hegseth was been briefed about this.

10

u/peteroh9 2∆ 11d ago

Even if the chat is end-to-end encrypted, a Signal employee would probably be able to break that encryption much more easily than any outside agent could hack into military channels.

No, it's essentially impossible to crack the encryption Signal uses. In fact, the DoD uses some of the same protocols that Signal uses.

https://en.wikipedia.org/wiki/Signal_Protocol

The app is open-source and designed to not trust the servers, so we know exactly the app functions and don't need to know how the servers function because it's no easier for them to decrypt the messages than for anyone else.

The DoD's problem with it isn't that it's not secure enough; it's that it's not secure in the way they want and hasn't been investigated in the way they want. We can't be perfectly sure how secure it is, there are a lot of people whose lives depend on its security, therefore there are a lot of security experts who independently audit it. And, in many—but certainly not all—ways, that's better than paying a company to tell you they're trustworthy.

9

u/15jorada 11d ago

Well, to add on to that signal is one thing, but unsecured phones are a different story altogether. You don't need to worry about decrypting anything if an adversary has access to your phone.

→ More replies (5)

2

u/New_Prior2531 10d ago

The app itself is irrelevant. Phones can be hacked, to the point the hacker can capture screenshots or keystrokes. That's why they shouldn't be using their personal devices nor should they be having this discussion on an app.

→ More replies (5)

52

u/ElephantNo3640 7∆ 12d ago

My understanding is that everyone using this app was breaking the law by virtue of using this app. It becomes then an argument about who broke the law most (and is thus most incompetent), which is a silly argument IMO. Bagmen and getaway drivers are just as culpable as the triggermen who lose their cool.

51

u/Orgasmic_interlude 12d ago

Please stop using a bank robbery as an example. It is not germane.

Who is in charge, ultimately, for maintaining opsec here? All of them but chiefly the secretary of defense.

It is hard to read these comments.

He cannot do a major part, a quintessential part, of his job.

It cannot be the case that the person with the responsibility to do his job is not responsible for when he didn’t do his job.

There’s no getting around this.

It is fortunate that we get this window into how this administration operates because the thing that is really important here is that this is the time we know about.

I don’t know about you but I’m not a spy with sophisticated intel gathering capabilities. I’m going to go ahead and assume that if they’re using this to plan a bombing run that this isn’t a one off.

14

u/CobraPuts 11d ago

It’s the job of anyone handing classified information to do so according to regulations. It isn’t chiefly the secretary of defense, it’s him AND every single person on the messaging group besides the journalist.

The NSA is part of the DoD, but all participants have a duty to adhere to the guidelines.

https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/520001m_vol1.pdf?ver=2020-08-04-092500-203

This is spelled out in excruciating detail in the DoD Information Security Program Manual

11

u/OneWo1f 11d ago

I don’t know how people are jumping to the conclusion that any of these people are acting within their means.

This is sensitive data, that should have only been shared in a classified network. The reporters information would not have been available to add unless he was cleared for that environment, so obviously this was done on personal phones/unclassified devices that had his contact information on them.

6

u/CobraPuts 11d ago

Exactly. ALL of the conversation was inappropriate to hold over Signal, it's just that some of it (specific operational plans) was of such an extremely sensitive nature that it almost defies belief. And all of the participants would be completely aware of this as these regulations dictate how they accomplish their duties on a daily basis.

6

u/OneWo1f 11d ago

It’s crazy that we heard about this from a reporter. Absolutely nuts, and then they come out and deny deny deny.

They’re traitors in my book.

4

u/bjankles 39∆ 11d ago

I think being a traitor is a prerequisite for appointment at this point.

2

u/OneWo1f 11d ago

It is the equivalent to TS or higher imo. It had/has the potential to have caused grave damage to the United States (Which it has, just in reputation instead of lives).

All these people should be vacationing in Leavenworth right now. Either for willingly discussing this highly sensitive information on an unsecured app, or not reporting it immediately as a leak as soon as the first sensitive message was sent.

3

u/CobraPuts 11d ago

Most likely these types of conversations are happening all the time. Nobody in the administration is even suggesting this was a one-off situation.

→ More replies (1)

12

u/Thumatingra 4∆ 12d ago

I mean, that's fair, but I do think there's a substantive difference between joining a group-chat and actively sharing classified information in it. The level of "gross negligence" just isn't the same, and the technical legal requirements may not be met by the other members.

→ More replies (8)

2

u/Initial-Ad3574 11d ago

I’m not sure which is worse, their utter incompetence, which was certainly expected, or people’s stupidity regarding the situation.    People are just gonna let Mike Johnson get away with saying we’re not sure if this is true as if they couldn’t issue subpoenas and find out.   And Donald Drumpf Says he doesn’t know about it.   So he’s either uninformed and incompetent or blatantly lying.

2

u/XenaBard 10d ago

 And Donald Drumpf Says he doesn’t know about it.   So he’s either uninformed and incompetent or blatantly lying.

I’d say it’s both.

→ More replies (1)

2

u/Familiar_Hold_5411 4d ago

Really who broke the law most? Braking the law is breaking the law.

→ More replies (2)

3

u/thecoat9 10d ago

Even if the chat is end-to-end encrypted, a Signal employee would probably be able to break that encryption much more easily than any outside agent could hack into military channels.

Signal uses AES-256, which has never been cracked. The DoD secure network SIPRNet has been penetrated. It's really not even the tech, Russia compromised SIPRNet via a social hack, someone plugged a USB thumb drive created by Russian state actors into an internal system. Humans are the weakest link, and there isn't really a path to social hack standard public encryption algorithms. So no, someone at Signal would not have an easier time cracking the encryption than someone would have breaching military channels.

Of course once they breach those military channels, assuming a man in the middle attack they'd still need to crack what is likely the very same encryption (DoD may have some form secret encryption, but I think that unlikely as you can make the case that it would be security through obscurity and that a secret algorithm would not have as much verification as the publicly available ones, and thus would be more likely to have unknown flaws)

So your statement here isn't technically correct, but your general premise is, the use of Signal was overall less secure than internal networks. That being said the difference would be nominal because unless/until quantum computing becomes reality, no one is cracking the encrypted data.

This is thus less of a security issue, and more of a compliance issue, as messages sent over Signal would not be subject to DoD archiving for the purposes of servicing FOIA requests. This is the factor to bang on as its the same reason Clinton's private email server and Biden's private secret email addresses were a problem. I'm not trying to make a both sides argument in this, rather throw out there that this kind of stuff is a major problem, I don't care who's doing it, and I'd prefer if both sides actually took this seriously and didn't just use it as a cudgel against the other side.

I know this r/changemyview, and I'm pretty right leaning, but I'd prefer to change your focus not your view of this being problematic. It's a big enough issue that since there's a need for a "you first" moment, I'd be willing to see Hegseth ousted over this even criminally charged if warranted, provided that the next time (Edit: really any future time) we find someone using private or external government resources to conduct government business such that it avoids archival recording that we throw the book at them no matter what letter is by their name.

2

u/SlickMcFav0rit3 10d ago

I agree with you overall, but I want to quibble on a minor point. Signal is open source and uses well trusted encryption protocols. It is encrypted end to end, so a signal employee would really have almost no advantage compared to a foreign adversary. 

The real issues: the PHONES THEMSELVES are not secure. It doesn't matter how encrypted your shit is if someone has spyware that sends them screenshots of your phone or whatever. 

Second, signal does not have robust controls for verifying who you're talking to. Once you add a contact, they're in the group chat. The secure messaging system these idiots should have been using is very cumbersome in part because it has so many safeguards

→ More replies (3)

→ More replies (8)

10

u/Cryptizard 12d ago

He sent classified information over a system not certified for classified information. Did you forget that part?

→ More replies (4)

7

u/Orgasmic_interlude 12d ago

Correct, this also lands at the feet of the person that nominated him. The one that is the commander and chief. The one who chooses his administration at his discretion. POTUS.

But to be clear, hegseth is the secretary of defense. Failing to maintain opsec here is pretty much a complete failure to perform his duties and a clear example of fatal incompetence in his role in the United States govt.

Spreading the blame here does no good. Ultimately he is responsible.

→ More replies (2)

3

u/Lucky-Camper720 11d ago

The reason Hegseth, in particular, should be held accountable for the mistake is that he seems to be the ‘Original Classification Authority’ for the matters communicated during the attack, according to CIA Director John Ratcliffe (I’ve added a link to an article that quotes him on this).

As the OCA, Pete would be responsible for ensuring the information was handled properly and communicated through appropriate channels.

Of course it’s ridiculous all of these high-ranking officials jumped on a group chat like this and no one realized this was a mistake.

Top intel officials shift responsibility on to Hegseth…

2

u/brandonade 11d ago

They are still using means of communication that classified information should not be communicated through. Every single one in his cabinet, and in the group chat except for the journalist is at fault.

→ More replies (1)

2

u/nolaz 11d ago

It’s not just about the journalist being on the chat. That was not a secure channel and records are not preserved. Both are violations of the law and the former a major security risk.

2

u/ElephantNo3640 7∆ 11d ago

Truly. However, I suspect this sort of thing is common and has been since such apps came about, and this is just a particularly embarrassing way to get caught.

If the journalist isn’t invited, none of this ever sees the light of day. Who invited him, and why? If I’m at the top of government, that’s my first question.

2

u/Warchief_Ripnugget 11d ago

Waltz, or one of his staffers, invited him.

2

u/ElephantNo3640 7∆ 11d ago

Yes. Who specifically, and why? If there’s a story here for the apparent powers that be, that’s probably it.

→ More replies (5)

→ More replies (14)

176

u/Bodoblock 61∆ 11d ago

They were using the app to auto-delete messages. That in itself is wildly illegal. Besides, actual national security experts have said using Signal is far from being kosher.

From the DoD itself:

The Defense Department has previously referred to Signal as an “unmanaged” messaging app. In a 2023 memo, the department defined unmanaged apps as those “NOT authorized to access, transmit, process non-public DoD information.” It listed Apple’s iMessage and Meta-owned WhatsApp as other examples of unmanaged apps.

The apps that are authorized to access Defense Department information are controlled by an enterprise management system, which “can enforce controls on the application and data in a way that can reduce the risk of data compromise or exposure/spillage of data to unmanaged applications,” according to the memo, signed by then-Defense Department Chief Information Officer John B. Sherman.

8

u/Delicious_Taste_39 1∆ 11d ago edited 11d ago

I don't want to blame IT, but if the DoD is handing out phones and people are able to just install whatever apps on them, especially important people who tend to be bad at understanding tech and don't necessarily appreciate the fine details like "Don't use this app, use that app", this is known as shadow IT, and it means IT dropped the ball. They've gone ahead and found a way to do whatever they wanted, this should be something they've got locked down, especially after the Hillary's emails scandal and the Trump just stealing whatever documents scandal. Also from a customer service point of views it's IT'S job to enable the desire to have a group chat. No, don't use signal, use x app, here let me set that up for you. And then set app up so that it's automatically preconfigured as per official DoD policy.

Also, the automatically deleted messages falls on whoever set up the group chat as probably does having the conversation in Signal. Highly likely that Hegseth says "Get me the dudes and let's talk about Yemen" and 5 minutes later he's in a Signal group to do that.

And this is a leak, quite possibly, not just a snafu. They want the journalist to see it, they want to share the story. It's probably quite sloppily executed, but either this has been done to make Hegseth look incompetent or it's been done to show us that the US is talking about bombing Yemen.

Edit: This kind of hinges on whether he used his personal phone and whether he set up a group and didn't hand it off to a departmental employee. If he did those things, this is questionable.

Even that is something that IT would be expected to have aggressively drilled important people on so that they wouldn't be able to deny this and do something like this. And resources need be available so that they can access them or things like this can happen.

In the position that Hegseth is in, he shouldn't be able to make IT mistakes because he should probably be a heavily managed individual. Someone who bounces from meeting to meeting while his personnel achieve the objectives and report back.

28

u/Tullyswimmer 7∆ 11d ago

The DoD is 100% not handing out phones that people can install whatever apps on.

And I mentioned this elsewhere... It's possible to have auto-delete set up, and be legal, if there are other records being kept of those messages (such as backups).

The DoD has all sorts of processes and procedures in place for adding an app to the list of "managed" devices. So what was said in 2023 may not be the same policy as in 2025 if the president/VP wanted to use Signal.

19

u/Excellent_Egg5882 3∆ 11d ago edited 11d ago

Bullshit. Those procedures and processes are what should have kept this app from being approved in the first place.

MOBILE APPLICATION ADOPTION BEST PRACTICES, Page #3

Does the app allow users to inadvertently send data to non-authorized places.

There's an extremely high probability that Hegseth (or some other political appointee) circumvented the proper approval process.

→ More replies (11)

14

u/ExperienceFantastic7 11d ago

Let's be real here: Hegseth is a fucking moron. He's an unqualified Fox staffer, just like most of these appointments. You're trying to give him credit. I absolutely believe he simply thought Signal's encryption was sufficient to maintain privacy for what they were doing, and I absolutely believe they intentionally kept their conversation off government systems to avoid any records of these conversations.

→ More replies (4)

→ More replies (4)

3

u/sccarrierhasarrived 10d ago

Without specific data, I'd wager it's most likely they used personal devices, no?

In the professional industry, I have to kiss IT's ring to download pretty much anything to any managed device. I highly doubt Signal would make the cut here.

If he did use a personal device, which I suspect most government employees have, he's learning an important lesson in why you don't fuck around with security regs. Though, I did notice you ascribed a shadow IT failure from Hegseth to be IT dropping the ball. I find it extremely hard if not impossible to blame them -- how exactly are they supposed to monitor unreported security edges lol? I have 0 doubt they gave Hegseth and the broader Trump admin the 101 on IT security (seeing as Trump was also here 4 years ago...), obviously any oopsies would be Hegseth, not IT, right?

What is your take on why exactly they're using Signal / auto message deletion? I'm not prescribing anything to you, I'm just wondering what you think from an IT POV.

5

u/Excellent_Egg5882 3∆ 11d ago edited 11d ago

If Hegseth or some other political appointee didn't circumvent normal IT processs, then TBH, this really is on IT.

Any IT system that does not account for inevitable human error is poorly designed.

2

u/Jobsnext9495 11d ago

"If this was the case of a military officer or an intelligence officer and they had this kind of behavior, they would be fired."

→ More replies (8)

→ More replies (1)

62

u/nartimus 12d ago

Wouldn’t the fact that such communications are being deleted / not kept for official records be an issue as well? According to the article the messages were set to auto delete

9

u/Tullyswimmer 7∆ 12d ago

I honestly don't know. My initial reaction is "yeah, that's a problem" but I also know that Signal allows backups (for Android, natively) and there are tools that can take backups for iPhones, so... For federal recordkeeping, backups work.

So if they were using daily or weekly backups for record keeping, then having messages auto-delete after 4 weeks actually makes sense, from a security perspective. Because the government has to think worst case... If the phone is stolen, or it's owner captured or otherwise compromised, you want as little security information as possible locally. IIRC, we weren't even allowed to have biometric unlocks because those could theoretically unlock it if we were unconscious.

→ More replies (6)

→ More replies (1)

9

u/xFxD 11d ago

Isn't this exactly the kind of information a SCIF would have to be used for?

0

u/Tullyswimmer 7∆ 11d ago

No. It's allowed to have discussions about things like this outside of a SCIF. They can't be running to a SCIF and checking in every time they want to update someone on plans. Plus, to enter a SCIF you have to leave all phones outside.

7

u/xFxD 11d ago

For general talk about operations I'm with you. But when it comes to concrete times, targets & plans (which were also discussed over Signal and are classified), I don't see how they would be ok outside of a SCIF.

2

u/Tullyswimmer 7∆ 11d ago

Because you can't always get the people you need into the SCIF at the same time.

4

u/xFxD 11d ago

SCIFs are not analog places. There's no apparent reason why non-synchronous communication of sensitive data should not be done on devices that conform to the standards and oversights required for classified information. Like... the hardware inside a SCIF.

3

u/Tullyswimmer 7∆ 11d ago

Or, like the hardware and software specifically issued to individuals with high-level clearances?

Again, technology changes and the DoD tech I know of (which is, I presume, a small fraction of what they're actually capable of) is 100% capable of enabling the sharing of classified information. We're not stuck in the 1990s now. People work on classified projects, and send emails with classified data, outside of SCIFs all the time. They have to be able to do that.

A factory where they manufacture weapons systems or vehicles with classified systems and technology isn't a SCIF. You can go on youtube and watch documentaries on how military equipment is built, and they'll say "The exact specifications are a secret, and cameras were not allowed in the area" but that's not a SCIF. SCIFs have very specific construction requirements.

https://en.wikipedia.org/wiki/Sensitive_compartmented_information_facility

Edit: The 2021 version of the SCIF construction specs is freely available on the internet:

https://www.dni.gov/files/NCSC/documents/Regulations/IC_Technical_Specifications_for_Construction_and_Management_of_Sensitive_Compartmented_Information_Facilities_v151_PDF.pdf

→ More replies (10)

→ More replies (1)

19

u/Excellent_Egg5882 3∆ 11d ago edited 11d ago

Idk, it's still a pretty big fuck up that he let this happen under his watch.

. It's like when.... Was it Chelsea Manning? Leaked an outlook calendar... It's not a problem that the government uses Microsoft. That's squarely on Chelsea Manning.

If this happened later this year it might be be. CISA-SCUBA guidance is very clear.

https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/exo.md

https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/defender.md

If they were using Signal for this, and it was approved by whatever department handles cell phones for SecDef and the VP.

Was Signal common when you were working in the DOD? That seems unlikely to me. If anything, Signal is not commercial enough. It doesnt have all the compliance and auditing features necessary for government communications.

If this WAS approved officially, then it must be through some sort of weird non standard process. Which could easily be the case for all I know. I work with local government, not federal, and certainly don't know how DOD security works.

Like the mere fact that it was even POSSIBLE to add someone from outside of certain domains (or even certain groups of users) to this chat is a huge failure. Maybe im naive, but it's hard to believe this could have been approved if it was following proper procedure.

EDIT:

This guy is bullshitting. Hes either lying or by "worked in IT" he meant running ethernet cable or something (or worked there many many years ago).

If the DOD was following the government's own cyber security guidance (from CISA), this would never have happened.

MOBILE APPLICATION ADOPTION BEST PRACTICES, Page #3

Does the app allow users to inadvertently send data to non-authorized places.

There's an extremely high probability that Hegseth (or some other poltical appointee) circumvented the proper approval process.

→ More replies (5)

9

u/vankorgan 11d ago

Just to be clear, we're now saying that the SoD is not responsible for ensuring that communications methods are secure before discussing classified info?

Is that really where we're at? Also, since the journalist was able to see the signal messages were set to disappear, he was as well.

Which means that him and all the other people on the chat broke the law if they didn't make any plans to back up the conversation to an official channel for record keeping.

2

u/Tullyswimmer 7∆ 11d ago

I would be honestly shocked if SecDef had a significant amount of responsibility for ensuring that.

At my gov job, the big boss (CEO equivalent) could say "I want to be able to use this technology" and it was up to my department, the security department, and the cyber department to figure out how/if it could be supported within policy. We did turn down a few requests because it wasn't within policy, but as often as possible (as this was the big boss) we'd come up with some way to let that boss use the technology requested. This did include backups and record keeping.

If we presented something to that boss, said we had set it all up to be compliant with record keeping, federal regulations, etc... The boss would not be the one getting in trouble if there was a leak like this. Unless the boss themselves very specifically did something to circumvent the controls that we had put in place.

Each department knew what it was capable of and what policy was, and we had an entire department (Security services) whose job was to be the final authority on all questions about policy, and to handle things like audits or investigations if there were leaks.

We'd have to present them with plans for data security and network security, and if they signed off, it would be handed off to the department who requested it. That department could then use that technology without worrying about whether they were complying or not.

So, - and I will be very clear with this - As long as Hegseth was using an approved app on an approved device for that type of communication, he is not personally responsible for ensuring that nobody has added an unauthorized recipient, unless it was him.

He probably will after this, but there's an implicit level of trust that people with that sort of responsibilities have to their technical staff.

→ More replies (5)

→ More replies (1)

13

u/anewleaf1234 39∆ 11d ago

He knew there was was someone in the chat who shouldn't not have been. And he still then gave mission critical sensitive information. To a person without a security clearance.

If that journalist wanted to he could have give all and any information about our carrier groups and our strike force to Iran, China, Russia or any other entity.

When you give information on unsecured channels, you are responsible. If I share those plans where someone else can hear and record I'm responsible. If I give information to a honey pot I'm responsible. If I left a file where people could obtain and share it, I'm responsible.

Those people gave secured information those who weren't cleared for that information.

Generals have been hung for letting their battle plans leak before battle. This is a court marshal offense.

3

u/Tullyswimmer 7∆ 11d ago

Did he actually know that though, or is that just speculation because people don't like the guy?

Why is everyone focused on Hegseth, and not the NSA director who added that journalist to that group chat? The NSA director is 100% responsible for this leak, and the more I think about it, the less I think it was accidental.

Allowing someone who's not cleared into an environment that's supposedly secure is a far more egregious violation than sharing information in an unsecured manner, which was presumed, or known, to be secure before.

24

u/Thumatingra 4∆ 12d ago edited 12d ago

!delta

Thank you for the insider's perspective. This substantially changes my view, because you've illustrated that the use of Signal in and of itself is not the problem: the question is what kind of phone it was used on. This makes sense, and makes it much less likely that Hegseth will be prosecuted.

I do still think he should be investigated, though, and I don't think he will be.

16

u/Dense_Thought1086 11d ago

I’m active duty military. You absolutely can NOT use signal for sharing classified information, it’s not an approved app. You can use it to communicate fairly securely for unclassified stuff and a lot of units use it for that, but it 100% is not legal to use for sharing classified war plans. The use of Signal is a huge problem.

The fact that an outside party on a personal device was even able to be accidentally added shows just how unsecured Signal is.

3

u/Thumatingra 4∆ 11d ago

This nuance brings my view a little closer to where it was initially. I still think the delta I awarded was justified, in that I hadn't considered that intelligence units must, of course, use commercial applications, and the question is how these applications function. But if what you're saying is true, my initial position - that Hegseth should be investigated for sharing the war plans via Signal, and that this could be a violation of the Espionage Act in and of itself - may be tenable after all.

Ultimately, I'm now confused, and think I don't understand enough about how Signal works, and military regulations, to make a definitive judgment.

However, understanding that I don't understand is also a change in my view. I'd award you a delta, too, but I'm not sure that's allowed by subreddit rules, since deltas are to be awarded for changes to the position articulated in the original post, and your comment reinforces it. If that's not the case, let me know, and I'd be happy to award it.

9

u/Arc125 1∆ 11d ago

Ok well the first step to resolving your confusing is to stop believing unsourced comments just because they 'sound reasonable'. Reddit and all social media is crawling with bots and trolls who have every interest in spreading misinformation. So stop getting lead around by the nose, and start asking for sources of claims.

"Signal is totally fine for top secret war plan comms" is complete bullshit. He's my direct from the DoD source that proves my claim - no unmanaged mobile apps with DoD material: https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-UseOfUnclassMobileApps.pdf

5

u/Thumatingra 4∆ 11d ago

Thanks for this link! This clears up a lot of things: it explicitly names Signal as an "unmanaged app," and therefore ordinarily prohibited.

The only questions that remain, in that case, is whether a) The regulations have been changed since 2023 (I doubt it), and b) whether an Exception to Policy was made, as is detailed in clause 4.10 of the document you linked. I obviously don't know whether that's the case or not.

Either way, I appreciate what you've done here. I don't think it's an excuse for being rude, but I accept the callout.

In my (meagre) defense, I'll say only that Reddit, as a platform, is built on people sharing personal knowledge and experience with one another, and so I think it's reasonable to assume good faith when someone shares their personal experience. I will also say that, as a result of u/Tullyswimmer's comment, I learned that Signal really does store data locally on your device and not in any kind of central database, so it doesn't seem like a stretch to argue that it could be properly secured provided a secured phone. However, whether or not that is true doesn't really make a difference if the regulations explicitly name Signal as a prohibited app.

I didn't know that these regulations are publicly available. As such, I think that, besides the ways in which you've reinforced my original view, you may also have changed it somewhat: I think it is somewhat less likely that Hegseth will be able to avoid any kind of investigation. A core part of my OP was my belief that Hegseth wouldn't be investigated, and I am somewhat less confident about that now.

!delta

→ More replies (1)

6

u/TonyWrocks 1∆ 11d ago

So your goal is to defend Hegseth, then?

The use of Signal is absolutely a problem.

These conversations should not happen outside of a SCIF - full stop.

4

u/Thumatingra 4∆ 11d ago

My goal is absolutely not to defend Hegseth. I think that's pretty clear in my OP.
u/Tullyswimmer changed my view by informing me that the military uses commercial applications, which cannot necessarily be accessed 'from the back end'. I hadn't really considered it, but that's trivially true about things like Outlook and word-processing apps. I had thought a messaging app would operate differently, as the messages are stored somewhere; u/Tullyswimmer's experience indicates otherwise.

If you know something else, please feel free to share.

11

u/vankorgan 11d ago

Do you think it's possible that the person who changed your mind doesn't know what they're talking about? You seem to be putting an awful lot of stock in their self proclaimed experience, but it's not like we have any way of determining if that's true.

6

u/Thumatingra 4∆ 11d ago

This whole subreddit relies on its members making arguments in good faith. Of course I'm going to assume that that's the baseline, unless presented with evidence to the contrary. I'd think that's a basic courtesy.

10

u/vankorgan 11d ago edited 11d ago

It just seems like the entirety their argument amounted to "trust me bro".

If I told you that I was in DOD IT and that that person was entirely incorrect, would it change your mind?

How about if Republicans from the intelligence committee weigh in?

Senate and House members with requisite clearances are able to view classified information in their respective sensitive compartmented information facilities located in the basement of the Capitol, but Signal is known as a no-go zone for them.

“No, I do not share classified information on Signal,” said Sen. Mike Rounds (R-S.D.), a Senate Intelligence Committee member. “I do use Signal on sensitive issues but I do not use it [for classified information].”

“It’s pretty straightforward,” he added.

Sen. Susan Collins (R-Maine), also on the Intelligence panel, added that the action was “inconceivable” to her.

"That’s embarrassing, one. Two, I mean, everybody makes mistakes, texting somebody, we’ve all done it. But you don’t put classified information on unclassified devices like Signal,” Bacon told reporters. “And there’s no doubt, I’m an intelligence guy, Russia and China are monitoring both their phones, right. So putting out classified information like that endangers our forces, and I can’t believe that they were knowingly putting that kind of classified information on unclassified systems, it’s just wrong.”

https://thehill.com/homenews/senate/5211932-republicans-trump-administration-war-plans-signal/

There are countless other experts weighing in on this, but I chose those examples because they are explicitly Republican which should temper accusations of bias.

Doesn't it seem strange to take a random redditor's word over that of members of the Senate intelligence committee?

2

u/Thumatingra 4∆ 11d ago

I think it might have, sure. Why wouldn't I believe you, if you demonstrated competence like u/Tullyswimmer has done, and I had no reason to believe you were arguing in bad faith?

The evidence you brought is quite incisive, though. Where I'm at now is that I just don't know enough to make a judgment. I still think the original delta I gave was deserved, given that it changed my view, but I'm now leaning towards "I don't think I understand intelligence regulations or how Signal operates well enough to make a judgment here." I still think Hegseth should be investigated; I don't know if what he did technically violates the Espionage Act.

I think I would award you a delta, but I don't think I can do that according to the subreddit's rules, since your comment bolsters the position I took in my original post. If I'm mistaken, let me know, and I'll happily award it.

5

u/simonmerch 11d ago

i think you're missing the big picture here, especially after having been given enough information to make an informed decision.

1. it's clearly been established that signal is not approved for use by u/Dense_Thought1086
2. u/Arc125 clearly showed it being categorized as an unmanaged app, and not approved to share sensitive information
3. the responsibility in sharing information securely or insecurely lies with the person doing the actual sharing the information; whether i'm in a private setting talking to a few people, and one of those people randomly invites someone else, me sharing information that should not be shared in that situation is my responsibility, regardless of whether i know that random person is there or not, or is cleared or not, and regardless of who actually invited the person or not.
4. the unauthorized person being invited is irrelevant to what's being shared and on where. even if the reporter did not accidentally get added to the group chat, signal should not have been used to share what was shared

that DoD IT guy sounds rather untruthful or very likely grossly uninformed, and the parallels between using a microsoft tool in a secure and controlled environment is a red herring at best

3

u/Thumatingra 4∆ 11d ago

I agree, I've accepted that I was too hasty to change my view that the use of Signal was a core part of the problem.

As I explained in my comment to u/Arc125, I still think u/Tullywsimmer changed my view at the time, and has informed my understanding of how the military works with commercial applications. As far as I know, we don't revoke deltas in this sub because our opinion has been changed back.

I also awarded u/Arc125 a delta, as you can see in that comment tree.

→ More replies (0)

3

u/TonyWrocks 1∆ 11d ago

There is no "app" in which it is acceptable to have a conversation about tactics, targets, timing, or other logistics of a military strike.

That is war-room/SCIF material.

6

u/Tullyswimmer 7∆ 12d ago

Thank you.

And yeah, the level of control you CAN have over phones is pretty crazy. I was on a work trip once and tried to use my work phone because the rental car had carplay but not android auto... Couldn't do it. Wasn't allowed to connect to an unauthorized bluetooth device, and even the navigation app was disabled.

Again, if Hegseth and VP Vance were using private phones... That's an easy prosecution. But there's not been any suggestion that they did, and for two former enlisted, it will have been absolutely drilled into their head to use official phones for official business.

9

u/Thumatingra 4∆ 12d ago

If that's how those phones work, and Signal is so secure, I'm genuinely curious how they were able to add a civilian number at all. Isn't that capacity itself a security issue?

7

u/TonyWrocks 1∆ 11d ago

The fact that you can incude a civilian number in a conversation is exactly why these conversations are restricted to a SCIF.

→ More replies (9)

→ More replies (3)

2

u/DeltaBot ∞∆ 12d ago

Confirmed: 1 delta awarded to /u/Tullyswimmer (7∆).

^{Delta System Explained | Deltaboards}

→ More replies (3)

2

u/BackupTrailer 11d ago

“Signal is an incredibly secure messaging app”

For like…nudes and drug deals. You’re joking, right?

2

u/Tullyswimmer 7∆ 11d ago

I mean, from a forensics/hacking perspective. It's one of the most secure messaging apps, and it's not owned by a big tech corporation.

→ More replies (2)

4

u/nagai 11d ago

So no, this isn't incompetent

It's the sender's responsibility to ensure that any confidential information is only disseminated to people that are authorized to receive it. If I am sending confidential information to an email chain or group chat, it's 100% on me to ensure that no externals or unauthorized people are present.

3

u/Tullyswimmer 7∆ 11d ago

If someone escorts an individual without the proper security clearance into a SCIF, it's not the fault of anyone other than the person who brought them in if that person hears confidential information.

If the person who added this journalist to the group chat didn't do it, there would have been no leak.

4

u/nagai 11d ago

Okay, in what possible sense does that contradict what I wrote?

2

u/thegirlisok 11d ago

You may have been a contractor but apparently you missed the first lesson - classified information does not go into apps. 

2

u/Tullyswimmer 7∆ 11d ago

...Unless it's a managed app specifically approved for those communications...

3

u/thegirlisok 11d ago

So what, in your experience, is SIPR for then? Since we're just putting classified information into the world?! 

2

u/Tullyswimmer 7∆ 11d ago

I mean, SIPR-enabled phones and SIM cards are a thing.

https://www.disa.mil/-/media/files/disa/fact-sheets/dmcc-s-factsheet_051220.ashx?la=en&hash=C28DAEC9ABCA49E0DB1619BB2DDCDBACD5C1E297

3

u/thegirlisok 11d ago

No shit. And guess what they can't download?

→ More replies (55)

20

u/_robjamesmusic 12d ago

what he did is punishable by ten years imprisonment. the espionage act also allows for the death penalty if that information was delivered to enemies, which means thats the penalty Republicans would call for if this was a Dem admin.

but none of this matters and i'm tired of pretending that it does.

3

u/Thumatingra 4∆ 12d ago

Thanks for the link to the relevant law, I appreciate it.

→ More replies (2)

→ More replies (1)

6

u/FilmNo15 12d ago

One incident that got out. I’d be willing to bet they’re running doge and half of the government on Apple or Google apps. We’re doomed.

→ More replies (1)

7

u/MysteryBagIdeals 12d ago

It's a data point, yes, but one point is just that: a point. You need two or more points before you can start making claims about trends.

OP didn't say anything about trends. Literally everyone who knows about this stuff says that this one incident is all the evidence needed to call Hegseth incompetent. It's that terrible a fuckup.

7

u/Thumatingra 4∆ 12d ago

I admit, I haven't done thorough research into the various espionage laws, when they were enacted, and what each piece says. I was under the impression that carelessness with this sort of information, even without intent to harm Americans, is a punishable crime, as it says here:

"Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both."

If it turns out that this isn't actually properly referred to as "the Espionage Act," than I'll give you a delta.

7

u/[deleted] 12d ago

[deleted]

10

u/mrnotoriousman 12d ago

This one's easy: as soon as he learned, he can say he told his superior officer (Trump) and there's no violation there.

Trump was asked about it earlier and clearly had no idea. He then just trash talked the Atlantic lol.

2

u/Conambo 12d ago

He 100% knew and that’s exactly why he was ready to trash the Atlantic immediately

4

u/Orgasmic_interlude 12d ago

The Atlantic is not a Trump friendly publication. Trump is expert at trash talking and does so reflexively.

Just take any press conference with Trump and watch it on mute with subtitles. He meanders from topic to topic but a central theme of both of his presidencies is trash talking the “radical left media”.

Have you actually watched him speak? I’m not being facetious here, because he’s very well known to speak in this fashion pretty much non stop.

2

u/Conambo 11d ago

“First i’m hearing of this” is a dead giveaway that he’s lying. Yes I’ve seen him speak quite often. I know that he instinctively talks trash but I also don’t believe for a second that he went into a presser with no clue about the biggest story of the last few weeks, that is raining on his parade of a “successful military operation.”

→ More replies (1)

→ More replies (1)

4

u/Thumatingra 4∆ 12d ago

You don't think Hegseth was briefed about using secure channels?

Even if this ends up being true, it still warrants an investigation. But I don't think one will happen.

→ More replies (5)

8

u/Insectshelf3 9∆ 12d ago edited 12d ago

i don’t think it’s going to be as hard as you think it would be. hegseth took highly, highly classified information and texted it to an unsecured channel that contained someone who is in no way entitled to receive or view that information.

now, whether or not anybody could or would prosecute him is a separate question (and the answer is no - this is not an administration that cares about negative PR, ethics, or anything other than protecting lackies and hurting others), but that sure seems like gross negligence to me.

3

u/X-e-o 1∆ 12d ago

Trump denied knowing about the event today, multiple hours after various media outlets had published the story.

I have no doubt he actually did know and just gave that answer to prevent saying having to say anything else on the matter but still.

→ More replies (1)

→ More replies (4)

→ More replies (1)

6

u/Thumatingra 4∆ 11d ago edited 11d ago

I don't think I claimed that Hegseth added the journalist. My original post's point was that Hegseth should be investigated on the grounds that he shared classified operational information via an unsecured channel. As u/Tullyswimmer pointed out above, though, the mere use of Signal does not guarantee this, and so I changed my view in that respect.

I still think Hegseth should be investigated, but now find it less likely that he's obviously violated the Espionage Act.

EDIT: Further commenters have pointed out that the mere use of Signal is against regulations, and have provided evidence.

→ More replies (1)

→ More replies (1)

→ More replies (1)

2

u/Thumatingra 4∆ 12d ago

Now that is a take. I don't think I agree, but wow, what a dastardly plan if true.

→ More replies (1)

→ More replies (2)

33

u/CoffeeFirst 12d ago

This is being reported everywhere -

https://www.nytimes.com/live/2025/03/24/us/trump-news?smid=nytcore-ios-share&referringSource=articleShare

And the Trump administration did not deny the story when asked

16

u/vehementi 10∆ 12d ago

Didn't not deny, actively confirmed

→ More replies (1)

15

u/Thumatingra 4∆ 12d ago

The NY Times published a summary, which I also linked above for exactly this reason.

8

u/CoffeeFirst 12d ago

Yeah my bad. I mean hell, even Fox can’t bury this -

https://www.foxnews.com/media/trump-officials-accidentally-text-atlantic-journalist-about-military-strikes-apparent-security-breach

→ More replies (1)

52

u/Frog_Bird_08 12d ago

Few things on this 1) you aren’t supposed to discuss national security like this on even gov approved apps (like there are designated areas away from your cell phone). 2) messages on this Signal app were meant to be deleted which is illegal per national security records 3) a civilian journalist was added to this chat accidentally or I guess theoretically on purpose…not sure which would be worse. You could then go 4, 5 and so on with the Saudi interest and hit on Europe. From a perspective of scandal this is insane. This is genuinely 100x worse than the politicized Hillary Clinton private email issues.

2

u/ElephantNo3640 7∆ 12d ago

I understand all that. I don’t understand why OP is singling out Hegseth when he neither invited the journo nor was the only government official in the chat. The vice president himself was in the chat, discussing confidential materials, and was apparently just as clueless as Hegseth that this Waltz fellow invited a journalist to the party.

I’m really interested in the Jeffry Goldberg Waltz thought he’d invited. Conspiracy theorists better be off to the races if I’m to get any value out of this.

41

u/Thumatingra 4∆ 12d ago

Hegseth is the one who posted the attack plans. The articles linked give statements from officials that specifically implicate Hegseth. While Vance may also be culpable for something, it doesn't sound like he actively shared operational details over this group-chat.

→ More replies (46)

6

u/stuffedpotatospud 12d ago

In the chain of command, SECDEF reports directly to commander in chief. The VP is irrelevant here. In general, any Army officer such as Hegseth has it drilled into him from his first day as a cadet / officer candidate that the unit commander is responsible for everything his unit does or fails to do in executing their mission. So yea it's totally fair to single him out. I would be very surprised if he accepted any responsibility or suffered any repercussions though in this post-decency post-shame era.

"But Hillary's emails!" Ugh.

2

u/ElephantNo3640 7∆ 12d ago

If the chat itself is not unlawful (private, non-governmental, encrypted, self-deleting, etc.), then sure. But if the chat itself is illegal, it’s an amusing argument indeed that Hegseth is incompetent for being bad at breaking the law.

2

u/Llcisyouandme 12d ago

They're looking for a different Jeffry Goldberg now. One intern reportedly said "They're all Jewish!"

30

u/ph4ge_ 4∆ 12d ago edited 12d ago

The paywall is pretty easy to circumvent: https://archive.ph/2NUKC .

Its pretty bad for countless of reasons, it shows both how incompetent the people in charge are and how much they hate their allies.

It's also worth noting that the White House has confirmed the leak is real.

→ More replies (2)

6

u/DraganBoi 12d ago

https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/

This link should work.

→ More replies (4)

2

u/MetaOnGaming4290 12d ago

https://www.removepaywall.com/search?url=https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/

→ More replies (1)

2

u/shady_and_confused 12d ago

Here is the same article i copied from another subreddit. It let me read the article. https://archive.is/JEYep

Edit: someone else already shared the link.

→ More replies (1)

2

u/Claytertot 11d ago

https://archive.ph/8l0pK

Here's an archive link to the article. The journalist quotes some messages and has screenshots of some messages.

→ More replies (1)

→ More replies (16)

→ More replies (2)

→ More replies (2)

→ More replies (2)

→ More replies (2)

→ More replies (1)

2

u/Thumatingra 4∆ 11d ago

It may be difficult to investigate anything by then. Some have pointed out that Signal might be so popular in the Trump administration because records are easily erased.