The Signal Clone the Trump Admin Uses Was Hacked
www.404media.co
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.
  • Unpigged@lemmy.dbzer0.com
    12·
    10 hours ago

    Shockingly comes days after the leak that the service is being used by the dork team. Someone really really really wants to get these backups.

  • Capt. Wolf@lemmy.world
    239·
    18 hours ago

    Just remember, no matter what way they spin this, they chose to ignore national security protocols and went out of their way to use an unsecure messaging app. That’s the real story. The witch hunt they’re undoubtedly going to go on is a perfect opportunity to redirect the public, save face, and further erode our freedoms.

    You know, SOP for the whole Trump regime…

    • SpaceShort@feddit.uk
      71·
      12 hours ago

      Also, the reason we know about it is because Mike Waltz invited a journalist to a group chat.

      • bean@lemmy.world
        3·
        9 hours ago

        a snowball of stupidity if you will. Let’s see how big it grows… looks like it picked up momentum and size now with TG Signal hacked 🤡 ☃️

    • JeeBaiChow@lemmy.world
      178·
      18 hours ago

      Actually, I’m more surprised people continue to believe the ‘end to end’ claims of these companies.

      • silence7@slrpnk.netOP
        74·
        17 hours ago

        Signal makes it believable by providing source code and reproducible builds. It doesn’t rule out the possibility that they’ve done something clever with the random number generator, or have the app store you use give you a compromised app, or provide any protection against endpoint compromise, but it’s about as good as you can get.

        Third party apps derived from theirs, which explicitly promise to log all your messages to a server somewhere, like TeleMessage, are, for obvious reasons, far less trustworthy.

        • jaybone@lemmy.zipEnglish
          4·
          10 hours ago

          Question: how can they even claim it’s e2ee if they also claim to log all the messages? Or is the claim that they log the messages in encrypted form? In which case any client(s) with the only copy of the keys could delete them, making the logs useless.

          • tamman2000@lemm.eeEnglish
            2·
            4 hours ago

            I don’t know how they claim that would work. But it’s important to note that only telemessage makes that claim, not signal.

        • xor@lemmy.dbzer0.comEnglish
          4·
          12 hours ago

          well they’ve also had great peer code reviews, and the reproducible builds lets you know they’re not putting a different version on the app store….

      • A_norny_mousse@feddit.org
        41·
        2 hours ago

        Signal? Why wouldn’t they? Why would they want to claim E2EE, then steal people’s chats, and try really hard to make it completely invisible? Which would probably fail since it’s FOSS. Not everything is a conspiracy. Sure, they will sell user’s metadata eventually (if they aren’t doing it already) or become a paid app, maybe even add advertisments, who knows (nothing is safe from enshittification).

        TeleMessage is a different thing altogether. Their “claim” is pretty much the opposite: take a known E2EE app and make it completely transparent.

      • huppakee@lemm.ee
        21·
        17 hours ago

        Even with e2e security there is 2 e’s that can get compromised, their use of a altered version of the app on one end is enough to cancel out the whole encryption part it, also on the other end.

        But in this case it’s like they have a lock for their garage door that is different from the lock on their car so they can’t steal the car when somebody steals the key to the garage door, but then think they can leave the keys in the lock because there is a lock (encryption) on the doors.

    • A_norny_mousse@feddit.org
      30·
      11 hours ago

      No. It’s a wrapper around Signal that sends everything into a corporate cloud. The Isaraeli miltary/defense/espionage whatever have been using this, then sold it to a US company. I’m guessing the company provides wrappers around other apps as well.

      It completely defeats the purpose of E2EE. I’m sure somebody told our oh-so-competent US government that’s exactly what they need.

      Like, it’s actually worse than SignalGate.

      • technocrit@lemmy.dbzer0.com
        4·
        3 hours ago

        The Isaraeli miltary/defense/espionage whatever have been using this, then sold it to a US company.

        Not at all suspicious. \s

      • TheObviousSolution@lemm.ee
        6·
        7 hours ago

        So basically, they hacked themselves out of any benefit Signal was giving them, and then an external party finished the hack.

      • Redex@lemmy.world
        21·
        8 hours ago

        Goverment officials are required to archive all communications, so it doesn’t defeat the purposes of E2EE because you can’t have full E2EE to start with. If it was propely implemented and didn’t get hacked it would be fine. Tho I guess implementation wise if it really sends all the data to a corporate instead of government cloud that’s a problem as well.

        • rumba@lemmy.zipEnglish
          1·
          2 hours ago

          If it was propely implemented and didn’t get hacked

          If it was properly researched and approved by DoD and used on authorized, secure devices which were running on secured networks, it would be fine.

          The baseline for security has been pretty decent for years. It’s painfully restrictive which is why they’re chomping at the bit to make it easier, but just slamming a corporate product into use with secret data with no oversight has never been fine even if it was secure.

    • xor@lemmy.dbzer0.comEnglish
      111·
      12 hours ago

      well it’s published now….
      the part where they’re a private company, keeping backups of top secret information… that’s only on there to avoid accountability….
      yeah that’s bad too….

      i just hope the hackers are the leaker type and not the hostile foreign government type…

  • FiveMacs@lemmy.ca
    24·
    17 hours ago

    Hopefully someone releases all their messages to throw more shit in their faces. Overwhelm them with bullshit just like they did to everything

  • frezik@midwest.social
    151·
    16 hours ago

    These goddamned idiots are going to get at least one supercarrier sunk. At least one.