What IT Security?

Authored by Karl Denninger via Market-Ticker.org,

Oh boy….

President Donald Trump revealed that a staffer with national security advisor Mike Waltz’s office included the editor-in-chief of the Atlantic in a Signal group chat with senior Trump officials who were discussing plans for an upcoming strike on Houthi rebels in Yemen.

“It was one of Michael’s people on the phone. A staffer had his number on there,” Trump told NBC in a phone interview when asked how Jeffrey Goldberg, the Atlantic’s editor-in-chief, was added to the high-profile chat.

Who was the person with zero IT security expertise that had people in the DOD and NatSec part of the government using anything other than their own infrastructure for such things?

There’s utterly no reason to ever trust any external system for sensitive information internal to the government.

Ever.

Let’s say, for example, I send you an email. I typically “sign” them. By doing this, the email includes both an attestation that it has not been altered, as otherwise the signature will not validate, and my public key.

Now, if your computer has a trust chain to verify that (and I publish that, by the way, so it can validate that the public key is good), then you can send me an encrypted message. Once you do so, not even you can read it — only I can, because I’m the only one with the other half of the key.

With me so far?

Now let’s say we start up a conversation and we have ten people in there. I send an encrypted message to all ten. What I actually send is ten messages, because each person’s public key is different and, again, each of them is the only person with the other half of it. So far so good. They each get it, they can decode it, but not the copy sent to anyone else — and since I signed it, if that signature verifies they know it hasn’t been tampered with in transit.
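The sign-then-encrypt-per-recipient scheme the last three paragraphs describe, as an added Go example that is not code from the Market-Ticker post and does not model any particular messaging product. Each participant publishes an Ed25519 signing key (the author’s “attestation”) and an X25519 key-agreement key; the sender signs the plaintext once and then produces a separate AES-GCM ciphertext for every recipient, so a copy addressed to one person cannot be opened with anyone else’s private key. The participant names, the sample message and the `Name`-based associated data are constructed for the example; the certificate/trust-chain part of the author’s argument is deliberately left out here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Participant owns an Ed25519 signing pair and an X25519 key-agreement pair.
type Participant struct {
	Name     string
	SignPub  ed25519.PublicKey // published
	KemPub   *ecdh.PublicKey   // published
	signPriv ed25519.PrivateKey
	kemPriv  *ecdh.PrivateKey
}

func NewParticipant(name string) (*Participant, error) {
	sp, ss, err1 := ed25519.GenerateKey(rand.Reader)
	kp, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	return &Participant{Name: name, SignPub: sp, KemPub: kp.PublicKey(), signPriv: ss, kemPriv: kp}, nil
}

// Envelope is one recipient's copy: addressing is in the clear, the body is not.
type Envelope struct {
	Sender, Recipient string
	EphPub            []byte // sender's one-time X25519 public key for this copy
	Nonce, Ciphertext []byte // AES-256-GCM over (signature || plaintext)
}

// sessionKey turns the X25519 shared secret into an AES-256-GCM instance.
func sessionKey(shared, ephPub, recipPub []byte) cipher.AEAD {
	h := sha256.New()
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipPub)
	block, _ := aes.NewCipher(h.Sum(nil)) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Send signs once, then encrypts a separate copy for each recipient: ten recipients, ten ciphertexts.
func (p *Participant) Send(msg []byte, to []*Participant) ([]Envelope, error) {
	signed := append(ed25519.Sign(p.signPriv, msg), msg...)
	envs := make([]Envelope, 0, len(to))
	for _, r := range to {
		eph, err := ecdh.X25519().GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		shared, err := eph.ECDH(r.KemPub)
		if err != nil {
			return nil, err
		}
		gcm := sessionKey(shared, eph.PublicKey().Bytes(), r.KemPub.Bytes())
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		aad := []byte(p.Name + "->" + r.Name) // binds the copy to this sender/recipient pair
		envs = append(envs, Envelope{p.Name, r.Name, eph.PublicKey().Bytes(), nonce, gcm.Seal(nil, nonce, signed, aad)})
	}
	return envs, nil
}

// Open decrypts with p's private key and checks the sender's signature; another
// recipient's key, or any change to ciphertext or message, fails here.
func (p *Participant) Open(e Envelope, senderPub ed25519.PublicKey) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(e.EphPub)
	if err != nil {
		return nil, err
	}
	shared, err := p.kemPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm := sessionKey(shared, e.EphPub, p.KemPub.Bytes())
	signed, err := gcm.Open(nil, e.Nonce, e.Ciphertext, []byte(e.Sender+"->"+e.Recipient))
	if err != nil || len(signed) < ed25519.SignatureSize {
		return nil, fmt.Errorf("%s cannot open the copy for %s: wrong key or tampered", p.Name, e.Recipient)
	}
	sig, msg := signed[:ed25519.SignatureSize], signed[ed25519.SignatureSize:]
	if !ed25519.Verify(senderPub, msg, sig) {
		return nil, fmt.Errorf("signature from %s does not verify", e.Sender)
	}
	return msg, nil
}

func main() {
	alice, _ := NewParticipant("alice")
	bob, _ := NewParticipant("bob")
	envs, _ := alice.Send([]byte("constructed sample: briefing moved to 0900"), []*Participant{bob})
	msg, err := bob.Open(envs[0], alice.SignPub)
	fmt.Printf("%q %v\n", msg, err)
}
```

Two details carry the author’s two guarantees: the signature is computed once over the plaintext and travels inside every copy, so any recipient can verify it came from the sender and was not altered, while the per-copy ephemeral X25519 key means the sender holds no key that opens a copy after it is sealed, matching “not even you can read it”.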

But in this case, since you care about the integrity of who can be a part of conversations generally, all transmissions go through the government’s infrastructure. The government, incidentally, already has the PKI infrastructure (issuing certificates, attesting to them, etc. — this is part of, but not all of, how a CAC card works) to do all this.

Thus, when you send the message, the server — which is a DOD/NatSec server — is the machine that processes it. Because a public key is in fact public, it knows who the message is going to (all of the recipients) and whether the DOD/NatSec servers issued the certificates involved, and to whom.

The server cannot see the unencrypted contents of the message, as only the recipient of each transmission has the private key required to decode it — but it knows who it’s going to and their public certificate. This means it can be set up to look at same and refuse to deliver a message if it is to someone who doesn’t have a DOD-issued certificate and, for example, the other people in the communication do; it could either embargo it (after all, there might be circumstances where this is legitimate), alert someone that something hinky may be going on, throw it in the trash summarily, or some combination.

It can’t see the contents, but it can interdict the message before it ever leaves the DOD and identify who transmitted it, because the machine that sent it is known.
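The relay-side check the preceding paragraphs describe, as an added Go example that is neither the author’s code nor a description of how any DOD system is actually built. The gateway receives only what a relay can legitimately see: the submitting host, the sender’s certificate and one certificate per recipient. It verifies each certificate against the single root it trusts (its own issuing CA), delivers when every recipient chains to that root, and otherwise embargoes the message and produces the alert data: who sent it, from which machine, and which recipients are outside the chain. This is slightly stricter than the author’s “mixed group” example, since it holds the message whenever any recipient is outside the chain. The CA names, user names and workstation host are constructed; revocation checking and the (opaque) ciphertexts themselves are omitted because the relay never needs a key for them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustIssue mints a P-256 certificate for subject: self-signed when parent is
// nil (a root CA), otherwise signed by parent's key. Panics on entropy failure.
func mustIssue(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Envelope is everything the relay sees: submitting host plus public certificates.
// The per-recipient ciphertexts are left out; the relay holds no key for them.
type Envelope struct {
	SenderHost string
	Sender     *x509.Certificate
	Recipients []*x509.Certificate
}

const Deliver, Embargo = "DELIVER", "EMBARGO" // Embargo: hold for review and alert

// Gateway trusts exactly one root: the organisation's own issuing CA.
type Gateway struct{ roots *x509.CertPool }

func (g *Gateway) issuedByUs(c *x509.Certificate) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: g.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// Inspect applies the policy from public data alone. On Embargo the returned
// names are the alert: sender@host first, then every outside recipient.
func (g *Gateway) Inspect(e Envelope) (string, []string) {
	var outsiders []string
	for _, r := range e.Recipients {
		if !g.issuedByUs(r) {
			outsiders = append(outsiders, r.Subject.CommonName)
		}
	}
	if len(outsiders) == 0 {
		return Deliver, nil
	}
	return Embargo, append([]string{e.Sender.Subject.CommonName + "@" + e.SenderHost}, outsiders...)
}

// Scenario builds a constructed PKI (an org root with three users, plus an
// unrelated root that certified an outsider) and submits one group message.
func Scenario(addOutsider bool) (string, []string) {
	orgRoot, orgKey := mustIssue("Org Root CA (constructed)", true, nil, nil)
	var users []*x509.Certificate
	for _, cn := range []string{"ops-user-1", "ops-user-2", "ops-user-3"} {
		c, _ := mustIssue(cn, false, orgRoot, orgKey)
		users = append(users, c)
	}
	otherRoot, otherKey := mustIssue("Outside Provider Root (constructed)", true, nil, nil)
	outsider, _ := mustIssue("outside-guest", false, otherRoot, otherKey)
	roots := x509.NewCertPool()
	roots.AddCert(orgRoot)
	env := Envelope{SenderHost: "ws-0042.corp.example", Sender: users[0], Recipients: users[1:]}
	if addOutsider {
		env.Recipients = append(env.Recipients, outsider)
	}
	return (&Gateway{roots: roots}).Inspect(env)
}

func main() {
	fmt.Println(Scenario(false))
	fmt.Println(Scenario(true))
}
```

The point of the shape is that `Inspect` takes no private key at all: the decision rests on whether each recipient’s certificate chains to the root the organisation controls, and the alert already carries the sender identity and the originating host, which is what lets an attempted misdelivery be both stopped and attributed.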

In other words, if you set things up properly, and run them properly, what happened can’t happen and, if it is attempted, either by accident or malice, not only does it not work, the person who did it gets busted if the transmission was not legitimate.

Yeah.

That.

Security of communications is supposed to be important…. right?

So why did CISA, which is an official government agency, recommend Signal specifically when it has no nexus within the government and thus, while it may be end-to-end encrypted (and not full of holes, which I can’t speak to since I’ve never looked at it in sufficient detail to have a valid opinion), it has no means of controlling who is in a chat, nor of preventing anyone who might, whether through accident or malice, add someone unauthorized to a new or existing one, and there is no means for the participants or the organization to which they belong to vet who is in said chat?

You can have the best encryption on the planet — absolutely impossible to break — but if there is either someone foolish or malicious it is meaningless, exactly as while you can have a fortified home or business, if you leave the front door unlocked it matters not.

The entire reason you use a chain of trust, and only allow entities known to have been authorized through that chain to be included in any sort of access regime, is precisely this. Humans are both fallible and, from time to time, corrupt.

Either is fatal to a security scheme and thus you must design in and insist on a control process to mitigate that risk.

We do not, at present, know if the breach here was due to stupidity (accident counts) or malice, but what we do know is that CISA — an official government source — made a recommendation during the last Administration (so no, you can’t lay this one on Trump) to use infrastructure for allegedly “secure” communications that lacked any measure of control over human accident or malice in terms of recipient (and group) management.

This incident, beyond the actual person who added (or changed) the recipient so that the reporter was in the list, is directly chargeable against CISA and their recommendation. Since it is their job to put forward such standards for the government, this is a fatal failure and every individual involved in that process, no matter how small their involvement, must be both publicly identified and expelled. As there was apparently no classified data breached as a result of this, criminal sanction is not appropriate — but permanent severance from any government employment now and in the future, along with summary and permanent revocation of any clearance held by said persons, is not just advisable — it is mandatory.

Security is a process, not a product.

Tyler Durden
Thu, 03/27/2025 – 17:40
