There's More to Signalgate Than the Two Chats We Know About: A Deeper Look
Beyond the two Signal chats that have been exposed, there are other very disturbing aspects of insecure practices that need urgent attention and aren't getting it.
Signalgate has, to date, been very focused on the two infamous Signal group chats involving senior U.S. officials, but the real problem appears to run much deeper. This is not just about a few careless texts — it reflects serious structural vulnerabilities at the highest levels of national security. It deserves much greater attention and sustained pressure from the media, watchdog groups, and influencers in the cybersecurity and national security spaces. Following is a Deeper Look at aspects of Signalgate that need to get more attention and scrutiny.
The Der Spiegel Report: Private Data and Passwords Exposed
Days after the initial Signalgate exposure occurred, Der Spiegel broke a startling story that got far less attention than it should have. Der Spiegel reporters were able to determine conclusively that personal data, including phone numbers, email addresses, and even passwords, of several top U.S. security officials appeared online. It appears these include some of the phone numbers attached to the Signal group chat. Among those affected were Defense Secretary Pete Hegseth, Congressman Mike Waltz, and Director of National Intelligence Tulsi Gabbard.
This information is frankly a lot more significant than the original gaffe or putting a journalist in the chat, or the fact they used a Signal chat at all. When you combine the online availability of the phone numbers, emails, and in some cases passwords — with the use of a commercial chat on those very phones and devices—you have a recipe for a major security breach that goes beyond “Signalgate” as we have understood it until now. There is no doubt whatsoever that hostile actors such as Russia, China, and Iran have harvested the same info that the Der Spiegel staff harvested from the internet, and armed with that, could exploit this information in a variety of ways. Alarmingly, there has been little follow-up from mainstream U.S. media, and no formal public accounting of how these passwords and accounts appeared online or what actions — if any — have been taken to mitigate the risks.
The "Dirty Line" and Pentagon Workarounds
Reports have also emerged that Pete Hegseth had an unsecured, non-government "dirty" internet line installed in his Pentagon office. The purpose? To bypass Pentagon cybersecurity controls and enable the use of the Signal app on a personal laptop. This workaround was reportedly devised at least in part because cellphone reception inside the Pentagon is intentionally degraded for security reasons, making mobile Signal use difficult.
Installing a private internet line and using personal devices within the Pentagon - one of the most secure buildings in the world - creates an enormous counterintelligence vulnerability. Were foreign intelligence services were able to intercept communications sent through this channel? Or course we don’t know the answer to that, but the risk is severe. The existence of this "dirty line" has received little scrutiny in the broader conversation. It deserves attention.
The Inspector General Investigation: What We Know
Following public outcry, the Department of Defense Inspector General has opened an investigation. However, the parameters of that investigation appear narrowly focused on whether Pete Hegseth violated internal Pentagon policies regarding handling of classified and sensitive-but-unclassified (SBU) material.
Notably, there has been no indication that the investigation will address the larger systemic risks — including the unsecured line, the exposed passwords and personal data, and the apparent normalization of high-level officials communicating sensitive military planning information over third-party encrypted apps outside of government systems. Without broader investigative mandates, there is a danger that the true scope of the breach will never be fully assessed or addressed.
Continued Scrutiny is Important
The issues raised by Signalgate extend far beyond a couple of reckless chats. They point to a deep erosion of cybersecurity norms, deliberate circumvention of safeguards, and a failure to treat information security as a fundamental pillar of national defense. This is something that should concern everyone — not just hardcore national security curmudgeons. If these behaviors are not subjected to relentless scrutiny and corrected, America’s adversaries absolutely will exploit the gaps. More scrutiny is needed.
Note: This post originated as a result of a tip/suggestion from journalist Cody Shearer. Thank you, Cody. If you have a tip or area you would like me to look into, please feel free to communicate it in the comments or via a direct message.
I believe that Hegseth, Gabbard and Walz should go PERIOD. Not only because of their incompetence but also because of their laissez fair attitude toward national security. What hasn’t been mentioned here, but is of equal or greater concern is the lack of a paper trail of any conversation that should be recorded and given to the National Archives for record keeping. Signal messages literally disappear. There could hundreds if not thousands of messages not recorded and will never be known some of which could be with foreign actors to enrich anyone in the Trump administration. This is all so bad! There should be a wider investigation of security breaches and impeachment, dismissal or jail time for this.
I’ve considered all of these points, and seen varied concerns like this all over social media. None strung together cohesively like this, though. I feel your concern. I wonder too: Is there anything going on in the Pentagon - and White House - that hostile actors do not know?