Private data and passwords of high-ranking US security politicians found online by journalists of German news outlet
EDIT: Since I've posted this, an English language version of the article has been published. Here is the link. @Mods: please let me know if I should replace it in the URL field as well; I'm going to leave it as is for now.
Article both in German and behind a paywall. I've translated the most relevant parts:
Donald Trump's most important security advisors discussed a military strike via Signal chat. Research by [the German magazine] SPIEGEL now shows that the problem is even bigger. [...] Private contact details of US President Donald Trump's most important security advisors are available on the internet. Research by SPIEGEL revealed mobile numbers, email addresses and, in some cases, passwords.
For the research, information from commercial personal search engines and customer data published online was used. National Security Advisor Mike Waltz, US Intelligence Coordinator Tulsi Gabbard and Secretary of Defense Pete Hegseth are demonstrably affected by the leaks.
Most of the publicly accessible numbers and email addresses are probably still being used by those affected. Some of them are linked to profiles on Instagram and LinkedIn, among others. They were used to create Dropbox accounts and profiles in apps that track running data. There are WhatsApp profiles for the respective phone numbers, and in some cases even Signal accounts. [...] It is therefore conceivable that foreign agents were reading along when Gabbard, Waltz and Hegseth discussed a military strike in a Signal chat with others.
So…not to be dramatic or anything, but this sounds really fucking bad.
They're human. All sorts of people have personal accounts compromised, they don’t need flak for that.
What’s bonkers is that they are using at least some of it, casually, for sensitive professional talk. If you are anyone close to this position, you do whatever the heck security tells you without question, and it’s not over public Signal or Dropbox accounts.
An analogy is trying not to get sick. Sure, people try their best in their personal lives. No one is perfect. But you would act very differently in, say, a CDC lab working on Ebola. This would be like someone walking out with a Petri dish splattered all over their suit, and shrugging when someone with an accent scrapes it off your suit. It just screams "I have no regard for this institution's protocol or the consequences."
…But it’s worse than that. Like, I cannot describe the billions spent on even slightly influencing or penetrating these people's spaces, and it turns out they are operating like your boomer grandparents, apparently ignoring the direct instructions of the largest security institution on the planet like they know better.
Maybe I am naive, but I would think that looking for compromises on personal accounts would be part of a security on-boarding process. Even if they don't discuss sensitive information on their personal accounts. If for instance a foreign agent gets to read them sexting their affairs that creates quite some blackmail material.
I think your Ebola analogy is apt. These are the people who killed USAID and foreign medical aid during the start of an Ebola outbreak, ignoring the pleas of the CDC. These are the people that appointed RFK Jr.
In other words, they put just as much care into not getting sick.
Not to sound alarmist or anything, but this is quite possibly the worst thing in history for US intelligence, so far.
Just think, how many accounts do you reuse your password for? How many of those are 2FA? Now take all that, wrap it up in an alcoholic, and now you've got the opsec of a toddler.
I would be very surprised if any of these idiots even know what 2FA is, let alone use it.
An absolute gong show
I’m hoping they can dig up more dirt on the Russian sympathy.
When you decide to start buying fertilizer from an enemy of the United States over a longtime ally and partner, this is all the red flags you need.
Pretty much everyone has compromised accounts/passwords because websites keep getting hacked. You can go to haveibeenpwned.com and look up your own.
That said, it's also why you shouldn't be using the public Internet for classified information.
Also why you should use good passwords and not reuse them.
SIPRNet
At what stage should we be at in terms of beginning to think about maybe starting to worry?
You're a little late for that
It's public, it's handed off to everyone :)
Who would that be in this case?