So-called zero-click spyware is now sold to regimes and corporations around the globe. Apple has notified users in 150 countries that theyโve been targeted. A program from a single Israeli spyware maker, the NSO Group, has been deployed in Saudi Arabia, Spain, Hungary, India, Mexico and Rwanda. โNow the junior varsity countries can come in and succeed,โ Frank Figliuzzi, the F.B.I.โs former assistant director for counterintelligence, told me. โYou donโt need to be very sophisticated.โ
This should be the time to batten down the hatches. But the Trump administration has other priorities. Around 1,000 F.B.I. agents have been diverted from their regular duties to scrub the case files of Jeffrey Epstein. (Even in New York City โ a hotbed of foreign intelligence activity โ the F.B.I. field office is โall hands on deckโ on the Epstein review.) Meanwhile, the Justice Department stopped its investigations into the possible compromise of New York Cityโs Mayor Eric Adams by foreign governments. A seven-agency effort to counter Russian sabotage and cyberattacks has been put on hold. Personnel from the bureauโs counterterrorism division have been newly asked to pursue those who vandalize Teslas, while the new Joint Task Force Oct. 7 investigates โillegal support of Hamas on our campuses.โ
As for that mortifying incident in which a journalist was invited into a supposedly super-triple-extra-confidential conversation with top military and intelligence leaders, itโs hard to know whatโs worse: not being aware who was in the group chat or conducting the chat on mobile phones. The participants โ the intended participants, anyway โ may have thought they were safe because their texts were encrypted by the Signal messaging app, prized by the secrecy-minded all over the world. A chat, however, is only as secure as the people using it. Just a few days ago, the Pentagon issued a warning that Russian hackers were tricking people into mirroring their Signal group texts to a second device. Steve Witkoff, a special envoy, joined a chat anyway โ and he did it from Moscow.
Mr. Witkoff has since said that he was using a secure, government-issued device. But thereโs no way to make a phone completely unhackable. In SCIFs, the secure rooms where Washington officials conduct their most sensitive conversations, phones arenโt even allowed in the door.
The people at the center of Signalgate โ the national security adviser, Michael Waltz; the defense secretary, Pete Hegseth; the director of national intelligence, Tulsi Gabbard; to name a few โ all know this. They all served in the military. They no doubt heard innumerable lectures from counterintelligence experts about all the different ways an adversary can make off with sensitive data. But this is an administration that actively, proudly rejects expertise. It casts those who have it as the corrupt old guard, the real enemy, the โdeep state,โ and it touts its own refusal to heed them as proof of its legitimacy and righteousness. By that view, the security establishment must be bent to the White Houseโs will, and if the people at the top donโt have the traditional qualifications for their positions, all the better. This is an administration that makes a weekend Fox News host the leader of the worldโs largest military, puts a conspiracy-minded podcaster in charge of the F.B.I., and has at its pinnacle a reality star turned president. Blunders like this are an inevitable consequence.
โOf course they have their WhatsApp groups and their Signal groups,โ Matt Tait told me. Mr. Tait is a well-connected cybersecurity consultant and a former analyst at GCHQ, the British signals intelligence service. โFundamentally, they donโt really trust the civil service that are working for them, and donโt really see any of the constraints that traditionally people would follow as applying to them at all.โ
