this post was submitted on 26 Mar 2025
729 points (99.7% liked)

News

28144 readers
3823 users here now

Welcome to the News community!

Rules:

1. Be civil

Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.

2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.

Obvious right or left wing sources will be removed at the mods discretion. Supporting links can be added in comments or posted seperately but not to the post body.

3. No bots, spam or self-promotion.

Only approved bots, which follow the guidelines for bots set by the instance, are allowed.

4. Post titles should be the same as the article used as source.

Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.

5. Only recent news is allowed.

Posts must be news from the most recent 30 days.

6. All posts must be news articles.

No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.

7. No duplicate posts.

If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.

8. Misinformation is prohibited.

Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.

9. No link shorteners.

The auto mod will contact you if a link shortener is detected, please delete your post if they are right.

10. Don't copy entire article in your post body

For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 2 years ago
MODERATORS
rjc@lemmy.world
Thekingoflorda@lemmy.world
Tenthrow@lemmy.world
JonsJava@lemmy.world
gedaliyah@lemmy.world
little_cow@lemmy.world
jeffw@lemmy.world
enu@lemmy.world
WrenFeathers@lemmy.world
729
Private data and passwords of high-ranking US security politicians found online by journalists of German news outlet (www.spiegel.de)
submitted 4 days ago* (last edited 4 days ago) by Vittelius@feddit.org to c/news@lemmy.world
63 comments fedilink hide all child comments
 

EDIT: Since I've posted this, an English language version of the article has been published. Here is the link. @Mods: please let me know if I should replace it in the in the URL field as well, I'm going to leave it as is for know,

Article both in German and behind a paywall. I've translated the most relevant parts:

Donald Trump's most important security advisors discussed a military strike via signal chat. Research by [the German magazine] SPIEGEL now shows that the problem is even bigger. [...] Private contact details of US President Donald Trump's most important security advisors are available on the internet. Research by SPIEGEL revealed mobile numbers, email addresses and, in some cases, passwords.

For the research, information from commercial personal search engines and customer data published online was used. National Security Advisor Mike Waltz, US Intelligence Coordinator Tulsi Gabbard and Secretary of Defense Pete Hegseth are demonstrably affected by the leaks.

Most of the publicly accessible numbers and email addresses are probably still being used by those affected. Some of them are linked to profiles on Instagram and LinkedIn, among others. They were used to create Dropbox accounts and profiles in apps that track running data. There are WhatsApp profiles for the respective phone numbers, and in some cases even Signal accounts. [...] It is therefore conceivable that foreign agents were reading along when Gabbard, Waltz and Hegseth discussed a military strike in a signals chat with others.

Original German textDonald Trumps wichtigste Sicherheitsberater diskutierten einen Militärschlag per Signal-Chat. SPIEGEL-Recherchen zeigen nun: Das Problem ist noch größer. Private Kontaktdaten der wichtigsten Sicherheitsberater von US-Präsident Donald Trump sind im Internet einsehbar. Recherchen des SPIEGEL förderten Mobilnummern, Mail-Adressen und teilweise Passwörter zutage.

Für die Recherche wurden Informationen aus kommerziellen Personen-Suchmaschinen sowie im Netz veröffentlichte Kundendaten genutzt. Betroffen von den Leaks sind nachweislich der Nationale Sicherheitsberater Mike Waltz, US-Geheimdienstkoordinatorin Tulsi Gabbard und Verteidigungsminister Pete Hegseth.

Die meisten der öffentlich abrufbaren Nummern und Mail-Adressen werden von den Betroffenen wohl immer noch genutzt. Sie sind teilweise mit Profilen unter anderem bei Instagram und LinkedIn verbunden. Mit ihnen wurden Dropbox-Accounts und Profile in Apps angelegt, die Laufdaten tracken. Es finden sich zu den jeweiligen Telefonnummern WhatsApp-Profile, teilweise sogar Signal-Accounts. [...] Es ist daher denkbar, dass ausländische Agenten mitlasen, als Gabbard, Waltz und Hegseth in einem Signal-Chat mit anderen einen Militärschlag besprachen.

top 50 comments
sorted by: hot top controversial new old
[–] courageousstep@lemm.ee 189 points 4 days ago (11 children)

So…not to be dramatic or anything, but this sounds really fucking bad.

[–] brucethemoose@lemmy.world 69 points 4 days ago* (last edited 4 days ago) (2 children)

They're human. All sorts of people have personal accounts compromised, they don’t need flak for that.

What’s bonkers is that they are using at least some of it, casually, for sensitive professional talk. If you are anyone close to this position, you do whatever the heck security tells you without question, and it’s not over public signal or Dropbox accounts.

An analogy is trying not to get sick. Sure, people try their best in their personal lives. No one is perfect. But you would act very different in, say, a CDC lab working on Ebola. This would be like someone walking out with a Petri dish splattered all over their suit, and shrugging when someone with an accent scrapes it off your suit. It just screams "I have no regard for this institution's protocol or the consequences."

…But it’s worse than that. Like, I cannot describe the billions spent on even slightly influencing or penetrating these people's spaces, and it turns out they are operating like your boomer grandparents, apparently ignoring the direct instructions of the largest security institution on the planet like they know better.

[–] Saleh@feddit.org 58 points 4 days ago (3 children)

Maybe i am naive, but i would think that looking for compromises on personal accounts would be part of a security on-boarding process. Even if they don't discuss sensitive information on their personal accounts. If for instance a foreign agent gets to read them sexting their affairs that creates quite some blackmail material.

[–] PhilipTheBucket@ponder.cat 27 points 4 days ago (1 children)

This kind of thing used to be a big deal. There were some kind of exotic custom-hardened Blackberries that the top people got as their personal devices, specifically so the national security apparatus could have some kind of a prayer of keeping them secure against this stuff.

Being in an office like the US president is weird. You're kind of the boss, but you're also kind of an employee. Your employer gives you tons of restrictions some of which really are pretty irritating or restrictive, but it's for a good reason. It's a big deal. The kind of responsibility you carry is so globe-spanning that some of your personal preferences go straight to the back of the line. Of course, that was all when the system is functioning properly and keeping us safe from violent adversaries. Now the people in charge are violent, corrupt morons who are openly in league with our adversaries. Why would they be trying to keep us safe from them, even if they even could grasp the issues involved? Where that all might lead is pretty hard to say but it's for fucking sure not good.

[–] brucethemoose@lemmy.world 17 points 4 days ago* (last edited 4 days ago) (1 children)

I think it’s about respect as much as convenience.

If security guys told Biden, or Bush, or maybe even 2016 Trump he had so do something, he'd nod his head and do it.

Now? They don't trust them. They actively rejected protocols and norms when transitioning because they didn’t trust the Biden government. They very explicitly don’t trust the US Intelligence community. They don’t trust scientific institutions or other parties in their own government.

That’s different than being corrupt. That’s drinking the kool aid of a very toxic information environment, and I think that’s even more dangerous, as it compromises their own incentives for survival.

This is just a small example of that.

[–] PhilipTheBucket@ponder.cat 11 points 4 days ago

Yeah. When you've been handed free wins all your life, it's genuinely confusing to you when someone talks about it being important to play smart. "No, we just do whatever we want and win anyway. That's how it works." Until it doesn't...

[–] brucethemoose@lemmy.world 18 points 4 days ago* (last edited 4 days ago)

Yes of course. Trying to dig up people's skeletons before spies do has been happening way before the internet, and I would have assumed the government would have tried to “sweep” their personal accounts for vulnerabilities.

But… well, there were some warning signs of resistance to this just after the election:

https://www.axios.com/2024/11/26/trump-transition-white-house

They don’t trust the institutions they run.

load more comments (1 replies)
[–] drzoidberg@lemmy.world 57 points 4 days ago (2 children)

Not to sound alarmist or anything, but this is quite possibly the worst thing in history for US intelligence, so far.

Just think, how many accounts do you reuse your password for? How many of those are 2fa? Now take all that, wrap it up in an alcoholic, and now you've got the opsec of a toddler.

[–] dryfter@lemm.ee 19 points 4 days ago

I would be very surprised if any of these idiots even know what 2FA is, let alone use it.

[–] Stanley_Pain@lemmy.dbzer0.com 27 points 4 days ago

An absolute gong show

[–] Cornelius_Wangenheim@lemmy.world 14 points 4 days ago (2 children)

Pretty much everyone has compromised accounts/passwords because websites keep getting hacked. You can go to haveibeenpwned.com and look up your own.

That said, it's also why you shouldn't be using the public Internet for classified information.

[–] SkaveRat@discuss.tchncs.de 4 points 4 days ago

also why you should use good passwords and not reuse them

load more comments (1 replies)
[–] TwinTitans@lemmy.world 16 points 4 days ago

I’m hoping they can dig up more dirt on the Russian sympathy.

When you decide to start buying fertilizer from an enemy of the United States over a longtime ally and partner, this is all the red flags you need.

[–] tisktisk@piefed.social 6 points 4 days ago (2 children)

At what stage should we be at in terms of beginning to think about maybe starting to worry?

[–] TransplantedSconie@lemm.ee 8 points 4 days ago (1 children)

November 6th 2024

[–] floofloof@lemmy.ca 5 points 4 days ago

You misspelled 2016.

load more comments (1 replies)
load more comments (5 replies)
[–] redwattlebird@lemmings.world 91 points 4 days ago (3 children)

OPSEC 100% clean!

[–] kandoh@reddthat.com 36 points 4 days ago

👊🇺🇸🔥

[–] Stamau123@lemmy.world 17 points 4 days ago

Powerful start!

[–] pivot_root@lemmy.world 11 points 4 days ago

The only thing cleaner is his conscience /s

[–] PhilipTheBucket@ponder.cat 57 points 4 days ago (2 children)

It is therefore conceivable that foreign agents were reading along when Gabbard, Waltz and Hegseth discussed a military strike in a signals chat with others.

It is guaranteed that foreign agents were reading along. 1,000% guaranteed. Probably most if not all of their personal devices are compromised, the E2EE aspect doesn't even matter.

Infosec in the modern computing ecosystem against skilled and well-resourced adversaries is very very hard, even when you're trying, and this bunch isn't trying and wouldn't be good at it if they were.

[–] drzoidberg@lemmy.world 30 points 4 days ago

One of the participants was IN FUCKING MOSCOW AT THE TIME! It is a guarantee that Russia, at the bare minimum, was reading it first hand holding the phone of a participant.

load more comments (1 replies)
[–] Zippygutterslug@lemmy.world 31 points 4 days ago (1 children)

Same article and site, in english

[–] Vittelius@feddit.org 13 points 4 days ago

Thank you, I've added it to my post

[–] doug@lemmy.today 30 points 4 days ago

What a bunch of fucking vulnerable idiots. No big deal, just nuclear arms in the hands of the types who don’t know how to turn on their computers.

[–] homesweethomeMrL@lemmy.world 26 points 4 days ago (1 children)

Guys, I’m starting to wonder if trump and his cabinet are, y’know, outrageously fucking stupid.

[–] tisktisk@piefed.social 12 points 4 days ago (1 children)

This level of stupid can only be intentional, tho right? Need to come up with some type of unprecedentedly stupid award before more new records are set quick!

load more comments (1 replies)
[–] faberyayo@lemm.ee 13 points 4 days ago

Another day, another woopsie doopsie.

[–] Lemmist@lemm.ee 24 points 4 days ago (1 children)

Write with large letters in the White House. New slogan. "Stultitia et imperitia". Sounds good.

[–] badlotus@discuss.online 16 points 4 days ago (1 children)

Stultitia et imperitivae = stupidity and ignorance. Couldn’t agree more with the spirit of this post.

[–] Karyoplasma@discuss.tchncs.de 9 points 4 days ago (2 children)

Imperitia is correct in this context.

load more comments (2 replies)
[–] ArchmageAzor@lemmy.world 18 points 4 days ago (4 children)

Imagine the new fascist American regime not even getting off the ground because the fascists are so incredibly incompetent

[–] TransplantedSconie@lemm.ee 21 points 4 days ago

Sweet lawd let it be so. 🙏

[–] NotLemming@lemm.ee 7 points 4 days ago

Mr bean does fascism

[–] LillyPip@lemmy.ca 3 points 3 days ago

Unfortunately, fascists don’t need to be competent to be effective. In fact, ignorance plus incompetence can be very dangerous.

Hitler Was Incompetent and Lazy—and His Nazi Government Was an Absolute Clown Show

load more comments (1 replies)
[–] SatansMaggotyCumFart@lemmy.world 18 points 4 days ago (1 children)

We need to bring Rudy Giuliani back as cybersecurity adviser.

Is he still alive?

[–] adespoton@lemmy.ca 4 points 4 days ago

Doesn’t he work at the Four Seasons garden shop now?

[–] Ghostalmedia@lemmy.world 16 points 4 days ago

Great job Senate. They knew they shouldn't have appointed these complete amateurs, but they were too afraid of being primaried by Trump lackeys.

[–] conditional_soup@lemm.ee 5 points 3 days ago

Merit based hires

[–] thatKamGuy@sh.itjust.works 12 points 4 days ago

I’d love an anonymised list of the passwords used, out of sheer curiosity. Just how safe/smart are these people, that are entrusted with running the world’s (currently) most powerful nation?

How many “password1234” or “asdfghjkl” would we find?

[–] cabron_offsets@lemmy.world 12 points 4 days ago

Republicans are just fucking morons. Jesus.

[–] demizerone@lemmy.world 7 points 4 days ago

Buttery males is why we are here. Donald love buttery males!

[–] NotLemming@lemm.ee 11 points 4 days ago (1 children)

I guess it's not that worrying as they're already compromised by Russia?

[–] Rentlar@lemmy.ca 9 points 4 days ago

What's another 100% OPSEC between friends?

[–] maniajack@lemmy.world 10 points 4 days ago

First US outlet I see picking up the story: https://www.mediaite.com/news/report-passwords-of-top-u-s-security-officials-found-online-hegseth-gabbard-waltz-among-those-affected/

[–] Olhonestjim@lemmy.world 5 points 4 days ago

Well don't announce it. Change them.

load more comments
view more: next ›