In Regulatory Wrap for the week to May 9, Rob Mason narrates the impact of a breach to a messaging platform used by the U.S. government.
In this week’s Regulatory Wrap, we review how the use of TeleMessage in a White House cabinet meeting resulted in a breach of the messaging app less than 30 minutes later, as well as the subsequent risks posed to the U.S. government.
1. Former National Security Advisor Mike Waltz was photographed using TeleMessage – an unofficial Signal clone – which led a hacker to breach the messaging app’s chat archives
2. The hacker accessed and shared data related to Customs and Border Protection, Coinbase (a cryptocurrency exchange), and other financial institutions
3. Following this incident, TeleMessage services were suspended, and an external cybersecurity firm was tasked with investigating the incident
4. While the U.S. government has previously approved of TeleMessage use, officials are now being instructed against using the app due to a previous incident where a journalist was accidentally added to a Signal chat used by government figures to discuss military operations
5. U.S. Senator Rony Wyden wrote to the Department of Justice advising the agency to investigate a “serious threat to national security” posed by “dangerously unsecure communications software”
This episode is brought to you by our Director of Regulatory Intelligence, Rob Mason.
Government use of messaging apps may be a contested topic, but a few things are for sure – complete record retention, trusted communications capture tools, and strong “tone from the top” are key ingredients for fully-baked compliance and resilience strategies.
