US special envoy Steve Witkoff did not use Signal on his personal phone while in Russia, according to the White House — as fears grow over Moscow’s repeated hacking of the encrypted app that is front-and-center of a recent leak.
As US officials were discussing a classified strike against the Houthi rebels on a Signal group chat accidentally shared with a journalist, Witkoff, who was in the chat, traveled to Moscow to meet with Russian President Vladimir Putin.
Following reports about the timing and possibility of a security breach, Witkoff said that he did not have access to his phone while in Russia, and joined the “Houthi PC small group” only after he left Moscow.
“I only had with me a secure phone provided by the government for special circumstances when you travel to regions where you do not want your devices compromised,” he wrote on X.
“I had no access to my personal devices until I returned from my trip,” he added. “That is the responsible way for me to make these trips and that is how I always conduct myself.”
White House Press Secretary Karoline Leavitt backed Witkoff’s claims, saying the phone provided to him by the US government “was the only phone he had in his possession while in Moscow.”
Russia has been known to target Signal, an open-source, encrypted messaging app that has been flagged for possible vulnerabilities by the National Security Agency (NSA).
The NSA warned the Department of Defense last month about the risks of using Signal, specifically citing the plague of Russian hacking groups who actively attack the app, CBS reported.
“The use of Signal by common targets of surveillance and espionage activity has made the application a high value target to intercept sensitive information,” the NSA documents read.
The Pentagon previously issued a department-wide memo in 2023 warning staff to avoid using Signal for any nonpublic official information.
“Please note: third party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information,” the memo read.
The NSA’s warning came as Google’s cybersecurity arm found that Russian state-linked hacking groups had managed to sneak into the Signal accounts of Ukrainian military staffers to acquire sensitive information.
The Russian groups had been able to use phones acquired on the battlefield to gain access to the staff members’ accounts, which were then used to send altered “group invite” links to breach more accounts, according to the report.
Signal maintains that its app is secure from hacking, with previous breaches conducted through means of phishing and device-linking.
National Intelligence Director Tulsi Gabbard and CIA Director John Ratcliffe testified on Tuesday that no classified materials were shared in the Signal chat that was shared with Jeffrey Goldberg, the editor-in-chief of The Atlantic.
Goldberg later shared screenshots that showed details about the timing and method for the airstrikes in Yemen were posted to the group.
National security adviser Mike Waltz has since accepted “full responsibility” over the incident, but he has yet to explain how Goldberg ended up in the group chat with top US officials.
Read the full article here
