President Trump’s Ukraine and Middle Eastern envoy Steve Witkov was in Moscow, where he met with Russian President Vladimir Putin. Included in group chat There is more than a dozen other top government officials, and carelessly, one journalist. Messaging App Signalreveals CBS news analysis of open source flight information and Russian media reports.
Russia has repeatedly tried to compromise Signal, a popular commercial messaging platform that many shocked to learn what Trump administration officials were using to discuss sensitive military plans.
Witkoff arrived in Moscow shortly after the afternoon of the local time on March 13th. According to data from the flight tracking website Flightradar24 and his Motorcade’s Russian state media broadcast video, which soon left Vnukovo International Airport. About 12 hours later, he was added to the “Houthi PC Small Group” chat, where he and other Trump administration officials discussed the imminent military operations against Yemen’s Houthis.
Both Democrats and Republicans have questioned the use of commercial communications platforms for conversation. Goldberg revealed in his own Atlantic report on Monday.
The National Security Council told CBS News on Monday that the group chat “seems to be authentic.”
Goldberg has not said he has not commented on group chat until Saturday after stopping in Baku, Azerbaijan on Friday, leaving Russia and returning to the US. It is unclear whether a phone issued to Witkoff by the US government is included in the signal chat, or whether he has a device in Russia. American officials It discourages messaging apps from using government devices, including the Department of Defense.
White House press director Karoline Leavitt criticized the Atlantic report on Tuesday, saying there was no “war plan” on X, adding that without naming a signal, the White House advisory office “provided guidance on many different platforms for President Trump’s top officials to communicate as safely and efficiently as possible.”
Two members of the group chat, national intelligence director Tarshigabad and CIA director John Ratcliffe, appeared before the Senate Intelligence Email Committee on Tuesday. Pre-planned hearing About global security threats. Ratcliffe confirmed at the hearing that he is part of the chat.
During a group discussion on the signal, Goldberg reported that Ratcliffe had appointed an active CIA intelligence officer in the chat at 5:24pm, just after midnight in Russia. Witkov’s flight did not leave Moscow until around 2am local time. And Sergei Markov, a former Putin advisor near the Russian president, said in a telegram post that Witkov and Putin were meeting in the Kremlin until 1:30am.
Neither the Kremlin nor the White House have confirmed the timing of the meeting between Witkov and Putin. The White House did not respond immediately to questions from CBS News about the conference or whether Witkoff has a device in the Kremlin.
Signal is built on open source code and therefore has a good reputation for security as it can be inspected for vulnerabilities. Neil Ashdown, a consultant working on cybersecurity, told CBS News.
However, Ashdown said that considering whether the platform is secure, “it’s “missing the heart of the problem: using that application in that environment and questioning whether that level of information is in line with policies and processes.”
Signal App offers end-to-end encryption. This means that messages sent on the platform cannot be read by anyone except the sender and receiver. However, that encryption is not inexplicable.
The Google Threat Intelligence Group warned last month of “an increase in efforts from several Russian national alliance threat actors to compromise signal messenger accounts used by individuals interested in the Russian intelligence agency.”
Ukraine’s top cyber defense agency warned last week of targeted attacks in which compromised signal accounts urged employees of defense companies and members of the Ukrainian military to send malware. Breaking news published by Ukrainian Computer Emergency Response Team (CERT-UA) on March 18 shows that the attack has begun this month. According to the memo, some of the messages were sent from existing contacts, increasing the likelihood that a phishing link would be opened.
Some ways to hijack your smartphone do not even require direct access to your device. Jake Moore, global cybersecurity advisor for software and cybersecurity company ESET, told CBS News.
One of the most famous cyber threats of the past decade is the spyware developed by the Israeli company NSO Group, reportedly Pegasus. Used to target journalists and activists. Pegasus explained that it is designed to be installed remotely on mobile devices, allowing cameras, messaging apps, microphones, or users to control the screen itself without knowing that it is installed.
There are safe government communication channels for sensitive communication, but in reality, the method chosen for such communication “often depends on the balance between security and security.”
The risk is minimal for the public, but he said, “The more secure these conversations, or the more sensitive they are, the more inconvenient security must be, so the more inconvenient it has to be.”
Nicole Suganga contributed to this report.
more
