404 Media

2025-05-04 22:00:14

The Signal Clone the Trump Admin Uses Was Hacked

A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.

The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.

Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media.

💡
Do you know anything else about TeleMessage? I would love to hear from you. Using a non-work device, you can message me securely on Signal at signalaccount.05 or send me an email at joseph@404media.co.

The breach is hugely significant not just for those individual customers, but also for the U.S. government more widely. On Thursday, 404 Media was first to report that at the time U.S. National Security Advisor Waltz accidentally revealed he was using TeleMessage’s modified version of Signal during the cabinet meeting. The use of that tool raised questions about what classification of information was being discussed across the app and how that data was being secured, and came after revelations top U.S. officials were using Signal to discuss active combat operations.

The hacker did not access all messages stored or collected by TeleMessage, but could have likely accessed more data if they decided to, underscoring the extreme risk posed by taking ordinarily secure end-to-end encrypted messaging apps such as Signal and adding an extra archiving feature to them.

“I would say the whole process took about 15-20 minutes,” the hacker said, describing how they broke into TeleMessage’s systems. “It wasn’t much effort at all.” 404 Media does not know the identity of the hacker, but has verified aspects of the material they have anonymously provided.
A screenshot provided by the hacker. Redactions by 404 Media.
The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers. The data is not representative of all of TeleMessage’s customers or the sorts of messages it covers; instead, it is snapshots of data passing through TeleMessage’s servers at a point in time. The hacker was able to login to the TeleMessage backend panel using the usernames and passwords found in these snapshots.

A message sent to a group chat called “Upstanding Citizens Brigade” included in the hacked data says its “source type” is “Signal,” indicating it came from TeleMessage’s modified version of the messaging app. The message itself was a link to this tweet posted on Sunday which is a clip of an NBC Meet the Press interview with President Trump about his memecoin. The hacked data includes phone numbers that were part of the group chat.

One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”
playlist.megaphone.fm?p=TBIEA2…
This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.

One screenshot of the hacker’s access to a TeleMessage panel lists the names, phone numbers, and email addresses of CBP officials. The screenshot says “select 0 of 747,” indicating that there may be that many CBP officials included in the data. A similar screenshot shows the contact information of current and former Coinbase employees.

Another screenshot obtained by 404 Media mentions Scotiabank. Financial institutions might turn to a tool like TeleMessage to comply with regulations around keeping copies of business communications. Governments have legal requirements to preserve messages in a similar way.

Another screenshot indicates that the Intelligence Branch of the Washington D.C. Metropolitan Police may be using the tool.
A screenshot provided by the hacker. Redactions by 404 Media.
The hacker was able to access data that the app captured intermittently for debugging purposes, and would not have been able to capture every single message or piece of data that passes through TeleMessage’s service. However, the sample data they captured did contain fragments of live, unencrypted data passing through TeleMessage’s production server on their way to getting archived.

404 Media verified the hacked data in various ways. First, 404 Media phoned some of the numbers listed as belonging to CBP officials. In one case, a person who answered said their name was the same as the one included in the hacked data, then confirmed their affiliation with CBP when asked. The voicemail message for another number included the name of an alleged CBP official included in the data.

404 Media ran several phone numbers that appeared to be associated with employees at crypto firms Coinbase and Galaxy through a search tool called OSINT Industries, which confirmed that these phone numbers belonged to people who worked for these companies.

The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia. By reviewing the source code of TeleMessage’s modified Signal app for Android, 404 Media confirmed that the app sends message data to this endpoint. 404 Media also made an HTTP request to this server to confirm that it is online.

TeleMessage came to the fore after a Reuters photographer took a photo in which Waltz was using his mobile phone. Zooming in on that photo revealed he was using a modified version of Signal made by TeleMessage. The photograph came around a month after The Atlantic reported that top U.S. officials were using Signal to message one another about military operations. As part of that, Waltz accidentally added the editor-in-chief of the publication to the Signal group chat.

TeleMessage offers governments and companies a way to archive messages from end-to-end encrypted messaging apps such as Signal and WhatsApp. TeleMessage does this by making modified versions of those apps that send copies of messages to a remote server. A video from TeleMessage posted to YouTube claims that its app keeps “intact the Signal security and end-to-end encryption when communicating with other Signal users.”

“The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” the video continues.

It is not true that an archiving solution properly preserves the security offered by an end-to-end encrypted messaging app such as Signal. Ordinarily, only someone sending a Signal message and their intended recipient will be able to read the contexts of the message. TeleMessage essentially adds a third party to that conversation by sending copies of those messages somewhere else for storage. If not stored securely, those copies could in turn be susceptible to monitoring or falling into the wrong hands.

That theoretical risk has now become very real.

A Signal spokesperson previously told 404 Media in email “We cannot guarantee the privacy or security properties of unofficial versions of Signal.”

White House deputy press secretary Anna Kelly previously told NBC News in an email: “As we have said many times, Signal is an approved app for government use and is loaded on government phones.”

The hacker told 404 Media that they targeted TeleMessage because they were “just curious how secure it was.” They did not want to disclose the issue to the company directly because they believed the company might “try their best to cover it up.”

“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said.

404 Media is not explaining in detail how the hacker managed to obtain this data in case others may try to exploit the same vulnerability.

According to public procurement records, TeleMessage has contracts with a range of U.S. government agencies, including the State Department and Centers for Disease Control and Prevention.

Guy Levit, CEO of TeleMessage, directed a request for comment to a press representative of Smarsh, TeleMessage’s parent company. That representative did not immediately respond to an email or voicemail.

Recently, after the wave of media coverage about Waltz’s use of the tool, TeleMessage wiped its website. Before then it contained details on the services it offers, what its apps were capable of, and in some cases direct downloads for the archiving apps themselves.

Neither CBP, Coinbase, Scotiabank, Galaxy Digital, nor Washington D.C. Metropolitan Police responded to a request for comment.

Photo appears to show Mike Waltz using Signal-like app that can archive messages 

Former national security adviser Mike Waltz was photographed using a Signal-like messaging app during Wednesday’s Cabinet meeting, more than a month after he first came under intense scrutiny for accidentally including a journalist in a group chat th…

^{Kevin Collier (NBC News)}

404 Media

2025-05-01 20:45:01

Army Will Seek Right to Repair Clauses in All Its Contracts

A new memo from Secretary of Defense Pete Hegseth is calling on defense contractors to grant the Army the right-to-repair. The Wednesday memo is a document about “Army Transformation and Acquisition Reform” that is largely vague but highlights the very real problems with IP constraints that have made it harder for the military to repair damaged equipment.

Hegseth made this clear at the bottom of the memo in a subsection about reform and budget optimization. “The Secretary of the Army shall…identify and propose contract modifications for right to repair provisions where intellectual property constraints limit the Army's ability to conduct maintenance and access the appropriate maintenance tools, software, and technical data—while preserving the intellectual capital of American industry,” it says. “Seek to include right to repair provisions in all existing contracts and also ensure these provisions are included in all new contracts.”
playlist.megaphone.fm?p=TBIEA2…
Over the past decade, corporations have made it difficult for people to repair their own stuff and, somehow, the military is no exception. Things are often worse for the Pentagon. Many of the contracts it signs for weapons systems come with decades long support and maintenance clauses. When officials dig into the contracts they’ve often found that contractors are overcharging for basic goods or intentionally building weapons with proprietary parts and then charging the Pentagon exorbitant fees for access to replacements. 404 Media wrote more about this problem several months ago. The issue has gotten so bad that appliance manufacturers and tractor companies have lobbied against bills that would make it easier for the military to repair its equipment.

This has been a huge problem for decades. In the 1990s, the Air Force bought Northrop Grumman’s B-2 Stealth Bombers for about $2 billion each. When the Air Force signed the contract for the machines, it paid $2.6 billion up front just for spare parts. Now, for some reason, Northrop Grumman isn’t able to supply replacement parts anymore. To fix the aging bombers, the military has had to reverse engineer parts and do repairs themselves.

Similarly, Boeing screwed over the DoD on replacement parts for the C-17 military transport aircraft to the tune of at least $1 million. The most egregious example was a common soap dispenser. “One of the 12 spare parts included a lavatory soap dispenser where the Air Force paid more than 80 times the commercially available cost or a 7,943 percent markup,” a Pentagon investigation found. Imagine if they’d just used a 3D printer to churn out the part it needed.

As the cost of everything goes up, making it easier for the military to repair their own stuff makes sense. Hegseth’s memo was praised by the right-to-repair community. “This is a victory in our work to let people fix their stuff, and a milestone on the campaign to expand the Right to Repair. It will save the American taxpayer billions of dollars, and help our service members avoid the hassle and delays that come from manufacturers’ repair restrictions,” Isaac Bowers, the Federal Legislative Director of U.S. PIRG, said in a statement.

The memo would theoretically mean that the Army would refuse to sign contracts with companies that make it difficult to fix what it sells to the military. The memo doesn’t carry the force of law, but subordinates do tend to follow the orders given within. The memo also ordered the Army to stop producing Humvees and some other light vehicles, and Breaking Defense confirmed that it had.

With the Army and the Pentagon returning to an era of DIY repairs, we’ll hopefully see the return of PS: The Preventive Maintenance Monthly. Created by comics legend Will Eisner in 1951, the Pentagon funded comic book was a monthly manual for the military on repair and safety. It included sultry M-16 magazines and anthropomorphic M1-Abrams explaining how to conduct repairs.

The Pentagon stopped publishing the comic in 2019, but with the new push in the DoD for right-to-repair maybe we’ll see its return. It’s possible in the future we’ll see a comic book manual on repairing a cartoon MQ-9 Reaper that leers at the reader with a human face.
A tank teaching you how to repair it. Image: DoD archive.

Hegseth orders ‘comprehensive transformation’ of US Army, merging offices and cutting units

""All of these parochial interests and all of these lobbyists that crawl around this building and crawl around Congress, they have succeeded for far too long, and so the first thing is, we are going to start to cut the things we don't want or need," …

^{Ashley Roque (Breaking Defense)}