If you’re running the security directorate of a hostile nation, savor this moment. It’s never been easier to steal secrets from the United States government. Can you even call it stealing when it’s this simple? The Trump administration has unlocked the vault doors, fired half of the security guards and asked the rest to roll pennies. Walk right in. Take what you want. This is the golden age.
In its first two months, the Trump administration has made move after move that exposes the government to penetration by foreign intelligence services. It’s not just the group chat about forthcoming military strikes that The Atlantic revealed on Monday — although that was, to be clear, as audacious and ridiculous a security breach as there has been in decades. The administration short-circuited the process for conducting background checks on top officials, turned tens of thousands of people with access to government secrets into disgruntled ex-employees and announced it was lowering its guard against covert foreign influence operations. It installed one of Elon Musk’s satellite internet terminals on the roof of the White House, seemingly to bypass security controls, and gave access to some of the government’s more sensitive systems to a teenager with a history of aiding a cybercrime ring, who goes by the nickname Big Balls.
In his first term, President Trump caused an uproar by revealing intelligence to the Russian ambassador that was routinely withheld from America’s actual allies. This is something different: the erosion of America’s ability to keep any secrets at all. The second Trump administration is treating security like just another stale Washington convention, an annoying impediment to its ambitions to move fast, break the bureaucratic state and replace it with an all-powerful executive. The bros in tech and finance don’t have to deal with these creaky, fussy restraints. Why should the White House?
Major adversaries pray for this level of chaos, confusion and opportunity. A secretive Chinese network is trying to recruit fired U.S. government workers. The Naval Criminal Investigative Service states with “high confidence” that foreign adversaries are trying to “capitalize” on the Trump administration’s mass layoffs. But the Chinese Ministry of State Security or the Russian Main Intelligence Directorate aren’t the only ones who stand to profit from the Trump administration’s disregard for even minimal operational security. Intelligence gathering has become easier for everyone.
So-called zero-click spyware is now sold to regimes and corporations around the globe. Apple has notified users in 150 countries that they’ve been targeted. A program from a single Israeli spyware maker, the NSO Group, has been deployed in Saudi Arabia, Spain, Hungary, India, Mexico and Rwanda. “Now the junior varsity countries can come in and succeed,” says Frank Figliuzzi, the F.B.I.’s former assistant director for counterintelligence. “You don’t need to be very sophisticated.”
This should be the time to batten down the hatches. But the Trump administration has other priorities. Around 1,000 F.B.I. agents have been diverted from their regular duties to scrub the case files of Jeffrey Epstein. (Even in New York City — a hotbed of foreign intelligence activity — the F.B.I. field office is “all hands on deck” on the Epstein review.) Meanwhile, the Justice Department stopped its investigations into the possible compromise of New York City’s Mayor Eric Adams by foreign governments. A seven-agency effort to counter Russian sabotage and cyberattacks has been put on hold. Personnel from the bureau’s counterterrorism division have been newly asked to pursue those who vandalize Teslas, while the new Joint Task Force Oct. 7 investigates “illegal support of Hamas on our campuses.”
As for that mortifying incident in which a journalist was invited into a supposedly super-triple-extra-confidential conversation with top military and intelligence leaders, it’s hard to know what’s worse: not being aware who was in the group chat or conducting the chat on mobile phones. The participants — the intended participants, anyway — may have thought they were safe because their texts were encrypted by the Signal messaging app, prized by the secrecy-minded all over the world. But a chat is only as secure as the people using it. Just a few days ago, the Pentagon issued a warning that Russian hackers were tricking people into letting them join their Signal group texts. Steve Witkoff, a special envoy, accepted an invitation to join a chat anyway — and he did it from Moscow.
There’s no way to make a phone completely unhackable. In SCIFs, the secure rooms where Washington officials conduct their most sensitive conversations, phones aren’t even allowed in the door.
The people at the center of Signalgate — the national security adviser, Michael Waltz; the defense secretary, Pete Hegseth; the director of national intelligence, Tulsi Gabbard; to name a few — all know this. They all served in the military. They no doubt heard innumerable lectures from counterintelligence experts about all the different ways an adversary can make off with sensitive data. But this is an administration that actively, proudly rejects expertise. It casts those who have it as the corrupt old guard, the real enemy, the “deep state,” and it touts its own refusal to heed them as proof of its legitimacy and righteousness. By that view, the security establishment must be bent to the White House’s will, and if the people at the top don’t have the traditional qualifications for their positions, all the better. This is an administration that makes a weekend Fox News host the leader of the world’s largest military, puts a conspiracy-minded podcaster in charge of the F.B.I., and has at its pinnacle a reality star turned president. Blunders like this are an inevitable consequence.
“Of course they have their WhatsApp groups and their Signal groups,” Matt Tait told me. Mr. Tait is a well-connected cybersecurity consultant and a former analyst at GCHQ, the British signals intelligence service. “Fundamentally, they don’t really trust the civil service that are working for them, and don’t really see any of the constraints that traditionally people would follow as applying to them at all.”
In the coming days the administration’s defenders may note, correctly, that much of what the federal government stamps secret barely qualifies as sensitive, and that administrations going back 20 years or more have used their personal devices to talk war and peace. But that does nothing to excuse the recent gaffe, which is why those involved are trying to distract us with claims that fall just this side of comedy. Mr. Waltz suggested that Jeffrey Goldberg, the journalist who was invited to the war planning chat, might have hacked his way in, as if that would make the security concerns better, not worse. Ms. Gabbard claimed the texts exchanged by the group — detailing the targets, timing and weapons system used in an ongoing U.S. attack — were somehow not classified at all, and therefore no secrets had really leaked.
So if you’re running a foreign intelligence service, relax. You’ve got time. This fiasco could’ve been a wake-up call to the Trump team, an opportunity to overhaul their security procedures and maybe stop courting disaster on quite so many fronts. This administration has decided to go hard in the other direction. “Nobody’s texting war plans,” Mr. Hesgeth told reporters, after being exposed for doing just that. “I know exactly what I’m doing.”
Noah Shachtman has reported from Iraq, Afghanistan and Russia for Wired. He previously served as the editor in chief of Rolling Stone and The Daily Beast. This article originally appeared in The New York Times.
Donate to the newsroom now. The Salt Lake Tribune, Inc. is a 501(c)(3) public charity and contributions are tax deductible