Days after the Signal leak, the Pentagon warned the app was the target of hackers

In a recent turn of events, a Pentagon-wide advisory has emerged, cautioning against the use of the messaging application Signal for any communications, even those deemed unclassified. This advisory follows an incident where high-ranking national security officials inadvertently included a journalist in a Signal chat regarding military operations in Yemen, specifically discussions about bombing Houthi sites.

Security Concerns Raised

The advisory, dated March 18 and obtained by NPR, begins with a stark warning: “A vulnerability has been identified in the Signal messenger application.” The memo elaborates on the threat posed by Russian hacking groups, which are reportedly exploiting the app’s “linked devices” feature to monitor encrypted conversations. Google has also flagged these groups as actively targeting Signal Messenger to spy on individuals of interest.

A previous memo from 2023, also acquired by NPR, cautioned against using Signal for any non-public official information. A spokesperson for Signal clarified that the Pentagon’s memo does not reflect concerns about the app’s inherent security. Instead, it emphasizes the need for users to be vigilant against phishing attacks, where hackers attempt to gain access to sensitive information through deceptive practices.

“Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago,” stated Signal spokesman Jun Harada.

The March 18 memo further specifies that while third-party messaging apps like Signal are permitted for unclassified accountability and recall exercises, they are not authorized for processing or storing non-public unclassified information. This is particularly significant given that the encrypted Signal app was utilized by Defense Secretary Pete Hegseth and other senior officials to discuss sensitive military operations.

In an unusual breach of protocol, The Atlantic editor Jeffrey Goldberg was accidentally added to the group chat, gaining access to discussions that were meant to remain confidential. In military parlance, the transmission of classified data over unsecured channels is referred to as “spillage,” a serious infraction that can jeopardize a military officer’s career.

Moreover, the 2023 Department of Defense memo explicitly prohibited the use of mobile applications for even “controlled unclassified information,” which is significantly less sensitive than information pertaining to active military operations. The sharing of such critical intelligence among the heads of Defense, State, Intelligence, and National Security in an unsecured forum is unprecedented and raises serious questions about operational security.

NPR’s Bobby Allyn contributed to this story.

NPR disclosure: Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.
