The war plan the U.S. Defense Department sent via Signal to the Atlantic magazine


stevesr0

Hi,

I am looking forward to a discussion of the recent preannouncement of a strike plan by the U.S. Secretary of Defense which was circulated via the Signal tool to a list which included the Atlantic magazine!? This apparently WAS NOT a hack, but was sent out by the Department.

Side comments in press articles discussing this screwup indicate that Signal use is discouraged by the Defense Department because the program is “hackable”.

Such a juicy topic for Steve, I would think.
 
I had only looked at the notes when I wrote that.

I did find his comment technically interesting. A media source I read before seeing his post basically said that Signal is not considered to be adequately secure as a protocol. And that outside hackers could break its encryption.

Steve’s take was different - he said the insecurity lay in using devices (and presumably means of communication) which could be infiltrated by spyware which could grab the material before it was encrypted on the senders’ devices and on the recipients’ devices after decryption.

As to the wisdom of having a preannouncement conference which (apparently) involved the use of mobile devices, he said basically it was an important lesson for the Trump administration to learn.

From the responses by Republican politicians and the officials involved, they didn’t seem to me to have any interest in admitting they screwed up. It will be interesting to see if they continue to do so.
 
It was intentional to avoid FOIA discovery. That's why a screenshot shows that the conversation was set to disappear messages after a week.
 
Hi Clev,

Hmm, that sounds like the Trump team was thinking,

“Let us send our bombing plans to the editor of the Atlantic Monthly. That will prevent us having to release them after the fact under those lousy freedom of information act orders.”

I don’t understand how that makes any sense.

Are you being funny?

If so, sorry, I lost my sense of humor a long time ago…
 
<SIGH>

About 25 years ago I was called in to track an intruder on the network. The director of security, a retired air force intelligence officer, made sure we followed a strict protocol, including no cell phones or wireless devices of any kind. He kept us in line.

These guys? Amateur hour, even compared to our primitive measures at the time. Enough said.

</SIGH>
 
The issue here is about controls on the adding of numbers to a distribution list, and about the ease with which an individual message can be forwarded, or shared on other channels. The messaging protocol of Signal is not the problem.
 
Steve's response to this issue on the last Security Now episode seemed to be pretty reasoned and make sense; basically learn from the issue, realize Signal encryption is not breakable (at least now) but phones are the weak point. He pointed out that when an employee makes a mistake and learns from it they and the employer are better for it. Interesting that so many concerned about the disclosure of this information don't blame the fact that the information was provided to the Atlantic rather than notifying the group and not making the information public. Think there was a political reason for that?
 
I agree with fibar that Steve’s comments were “reasoned”.

As to the disclosure of the information being “political”, I am not sure what that means.

Since the info was real time apparently, its publication was really after the fact, that is, did not obviously impact on the success of the bombing. (Unless folks working with the Houthi targets were also on the distribution list for the texts <g>.)

The publication, as I understand the story, was done AFTER discussion with administration folks, who specifically DIDN’T tell the editors NOT to publish the story.

Given that, it seems to me that it was a worthwhile story to publish and in the public interest, since, hopefully it does cause the Administration to act more competently.
 
It seems to me that reporter was added to the text chat due to a design flaw in Signal - it allows duplicate nicknames. If you have two nicknames and both are "JG" then it is an accident waiting to happen. Can't imagine why the software allows duplicate nicknames.
 
The first problem was government employees conducting government business on a commercial service out of government control.

The second problem is the government content.

The third is the lack of keeping a record of government business.

This leads to the fourth thing, the non-government content - the denigrating disrespectful content.

But considering that somehow the US has put a convicted felon in charge of 'the law', what can anyone expect?
 
Vote against. I've never voted 'for' anyone. Regardless, the comment "the US has put a convicted felon in charge of 'the law'" is an observable fact by anyone worldwide, not necessarily a US voter. Signal is inappropriate for government employees to conduct government business over, it's civil if not criminal misbehavior, an enlisted soldier would be court-martialed, but presidential appointees, not so much, considering the civil and criminal conviction the president brings with them into office. Consider the subject here: "The war plan the U.S. Defense Department sent via Signal to the Atlantic magazine". Such behavior definitely would have landed an enlisted soldier in the brig. The perpetrators weren't stupid; they intentionally wanted no discoverable legal government record of their government activity chat, a chat that denigrated and ridiculed allies. That there are no negative personal ramifications of discovery anyway is a testament to the acceptance of lawlessness starting from the top on down. Apparently Steve Gibson noted something like it was an important lesson for the Trump administration to learn. Yet stevesr0 ( SpinRite v0 beta tester from the 1980s ? ) suggested "From the responses by Republican politicians and the officials involved, they didn’t seem to me to have any interest in admitting they screwed up". Because behaving according to law is antithetical to convicted criminals. As I wrote, "somehow the US has put a convicted felon in charge of 'the law', what can anyone expect?" It's not a vote for or against thing, considering the many people who knowledgeably and knowingly voted for a convicted criminal for whatever reasons. Perhaps those who voted for a convicted felon would also like to get away with similar behavior. So "Tell me who you vote for without telling me who you vote for" could go either way.
 
If we start with the facts - the US has put a convicted felon in charge of 'the law' - all subsequent "what went wrong?" questions seem already pre-explained.

So "The war plan the U.S. Defense Department sent via Signal to the Atlantic magazine" seems to be just the cascade of destiny given the starting point:

the US has put a convicted felon in charge of 'the law'.

Does anyone here on the GRC tech forums have a technical analogy to that, something that would incisively illuminate the situation?
 
>>the US has put a convicted felon in charge of 'the law'

Nobody believes you. That's not your "reason". If you took that stain and moved it from one party to the other, you would vote the same. It doesn't matter what is put in front of you... you will reject it.
 
Wow, not sure where that's coming from, but it comes off as quite defensive.

The guy in charge is a convicted felon. That's a fact, no matter how much some may want to redefine what that term means. And he's in charge of "the law" because the DOJ does his bidding, regardless of whether there's any legitimate basis. Just the latest example is his revoking security clearances and ordering the AG to investigate Chris Krebs because the CISA investigation debunked the allegation the 2020 election was stolen. So he's not upholding the rule of law, he's using it as his personal revenge weapon.

But this is getting off topic, so let's get back to the Signal/Atlantic issue.

I had to laugh when I first heard of that debacle. For years we've heard law enforcement officials yammer, ad nauseam, about "going dark" because of encryption, while opponents point out back doors aren't needed because criminals are stupid and will eventually give themselves away, anyway. So here we are. Signal is encrypted, but that didn't matter because they gave themselves away. I think that's worth a laugh.
 
Encryption or not is NOT the problem with US government use of Signal.

Lack of control, and lack of record keeping, lack of auditable access, lack of auditable security and so on are the problems.

Remember when Obama wanted to use his beloved Blackberry when he became president, and there was hardly any way to make it secure?

As suggested, look at the results of moving such desire to use insecure unauditable services with no record keeping from one 'party' to another, and, oh look what happens when the US puts a convicted criminal in charge of the law.

And, no, voting has nothing to do with it, the observation comes from external non-voting observers.

The subject here really isn't Signal, considering that it is obvious that Signal is not intended to provide government services of security, controllability or record keeping.

It's about a criminal regime's desire to avoid scrutiny as they, oh, I dunno, as they continue to break the law.

Technology <-- the subject of the GRC Forums - technology to the rescue, helping criminal regimes avoid scrutiny as they break the law.
 
"Wipe? You mean like with a cloth?". HRC