Opinion Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger.

In Signalgate part 3, or possibly 4 — we've lost track — on Thursday it came to light that US Defense Secretary Pete Hegseth had an [1]insecure internet connection set up in his office so that he could [2]use Signal on a personal computer.

This followed earlier revelations that the defense secretary used the encrypted messaging app on his personal phone to share sensitive details about [3]military operations in Yemen among [4]multiple Signal groups . One of these was set up by national security adviser Michael Waltz and [5]inadvertently included the Atlantic's editor-in-chief. Plus, Hegseth himself created at least one other that [6]included his wife, brother, and personal attorney, and again involved the sharing of military plans.

[7]

Plus, Waltz and other members of the US National Security Council reportedly used their [8]personal Gmail accounts to exchange information about an unnamed, ongoing conflict, including details about military positions and weapons systems.

[9]

[10]

All of these incidents should raise a number of security concerns for several reasons. They involve White House officials discussing military operations using commercial apps and services, on their personal devices that are connected to the public internet. Foreign spies routinely target government officials — and their personal email accounts and mobile phones — for surveillance and snooping.

And even if they are using Signal, which is considered the gold-standard for end-to-end chat encryption, there's no guarantee their personal devices haven't been compromised with some sort of [11]super-spyware like Pegasus, which would allow attackers to read the messages once they land on their phones.

Circumventing the Pentagon's security protocol puts sensitive intelligence in jeopardy

"It is certainly a massive concern," said John Ackerly, who previously worked in the George W Bush White House as a tech advisor before co-founding encryption business Virtru.

"Secure networks for national defense communications are there for a reason: Because other telecom services do not have adequate protections in place to ensure the protection of highly sensitive data," he told The Register .

[12]

"It is no secret that our adversaries are trying every method possible to infiltrate American systems and access sensitive information," Ackerly added.

"The [13]Salt Typhoon and [14]Volt Typhoon campaigns out of China demonstrate this ongoing threat to our telecom systems. Circumventing the Pentagon's security protocol puts sensitive intelligence in jeopardy."

In most cases this would seem to be a fireable offense. But the Trump administration isn't one for norms — or, it seems, cybersecurity.

[15]

Folks in IT security are known to say " [16]security is a team sport " and talk about how they are creating a " [17]security culture " in their corporate environments. In this case, America is screwed.

Our team leaders don't play by the rules, and they certainly aren't creating a lead-by-example culture on why things like data privacy and secure communications are important and how cyberthreats can have real-world consequences.

[18]Signalgate chats vanish from CIA chief phone

[19]Signalgate: Pentagon watchdog probes Defense Sec Hegseth

[20]Forget Signal. National Security Adviser Waltz now accused of using Gmail for work

[21]Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat

There were undoubtedly lessons to be learned about how China's Salt Typhoon [22]breached American government and telecommunications networks — and how to prevent system intrusions like this in the future. But we won't learn them because the administration [23]purged the Cyber Safety Review Board in the middle of its investigation into Beijing's hacks.

We've already learned that China's spies are [24]sitting on US critical infrastructure networks, prepositioning for [25]future destructive attacks , so there's ample reason for national security officials to put more effort into shoring up communications channels and making sure sensitive information stays private. But America's leaders are doing the exact opposite.

Plus, even after the Atlantic published some of the Signal messages proving that their Signal chats spelled out the exact time of a planned — and carried out — airstrike in Yemen, government officials continued to [26]insist it was [27]no big deal and most certainly did not put troops on the ground in harm's way.

White House officials have created the ultimate insider threat. And despite their efforts to convince the American public that there's nothing to see here, you'd better believe that China, Russia, and any other adversaries who want to tap into US intelligence are taking note. ®

Get our [28]Tech Resources



[1] https://apnews.com/article/hegseth-signal-chat-dirty-internet-line-6a64707f10ca553eb905e5a70e10bd9d

[2] https://www.washingtonpost.com/national-security/2025/04/23/hegseth-signal-pentagon-computer/

[3] https://www.theregister.com/2025/03/24/signal_atlantic_security_disaster/

[4] https://www.politico.com/news/2025/04/02/waltzs-team-set-up-at-least-20-signal-group-chats-for-crises-across-the-world-00266845

[5] https://www.theregister.com/2025/03/26/signal_calls_congress/

[6] https://www.nytimes.com/2025/04/20/us/politics/hegseth-yemen-attack-second-signal-chat.html

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aAxaZ2pvd-6awguK-FbxswAAAk0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[8] https://www.theregister.com/2025/04/02/waltz_gmail_security/

[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAxaZ2pvd-6awguK-FbxswAAAk0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAxaZ2pvd-6awguK-FbxswAAAk0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[11] https://www.theregister.com/2025/03/26/signal_calls_congress/

[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAxaZ2pvd-6awguK-FbxswAAAk0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[13] https://www.theregister.com/2025/02/13/salt_typhoon_pwned_7_more/

[14] https://www.theregister.com/2025/03/12/volt_tyhoon_experience_interview_with_gm/

[15] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAxaZ2pvd-6awguK-FbxswAAAk0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[16] https://www.theregister.com/2025/03/10/incident_response_advice/

[17] https://www.theregister.com/2024/06/15/microsoft_brad_smith_congress/

[18] https://www.theregister.com/2025/04/16/cia_signalgate_chat/

[19] https://www.theregister.com/2025/04/04/hegseth_inspector_general/

[20] https://www.theregister.com/2025/04/02/waltz_gmail_security/

[21] https://www.theregister.com/2025/03/26/signal_calls_congress/

[22] https://www.theregister.com/2025/01/22/dhs_axes_cyber_advisory_boards/

[23] https://www.theregister.com/2025/01/30/gutting_us_cyber_advisory_boards/

[24] https://www.theregister.com/2025/03/12/volt_tyhoon_experience_interview_with_gm/

[25] https://www.theregister.com/2024/02/07/us_chinas_volt_typhoon_attacks/

[26] https://www.foxnews.com/video/6371789239112

[27] https://apnews.com/article/cia-gabbard-ratcliffe-trump-russia-china-signal-d2ecd2e9f50822d747681a061dec62e2

[28] https://whitepapers.theregister.com/