It seems that the new administration of US President Donald Trump has picked up the idea that the «role of cybersecurity in the modern world is exaggerated». In March, a journalist from The Atlantic was accidentally added to a secret chat of the Trump team. And now the messenger used by the Trump administration has been hacked.
The Israeli company TeleMessage creates special versions of messengers like Signal for the US government. These programs are designed to save copies of officials’ messages. However, it became known that the hacker was able to break into the company’s security systems and stole user data, including the content of some personal and group chats in Signal, WhatsApp, Telegram, and WeChat versions that were modified by TeleMessage.
The company came into the spotlight after Congressman Mike Waltz accidentally showed the app during a meeting with Donald Trump. The photo showed that he was using a modified version of Signal from TeleMessage.
The hack showed that the tool, used even by the highest officials, had serious vulnerabilities. For example, Waltz’s chats that were part of the leak include such well-known figures as Marco Rubio, Tulsi Gabbard, and J.D. Vance. That said, the hacker did not get access to the messages of Waltz and his interlocutors. But the very fact of the hack proves that the chat archives were not protected by the end-to-end encryption that Signal usually provides. In other words, copies of the messages were transmitted to TeleMessage’s servers in clear text.
The stolen data includes messages related to the U.S. Customs and Border Protection (CBP), the cryptocurrency company Coinbase, and other financial institutions. The journalists have screenshots from TeleMessage systems that confirm this.
The hacker claimed to have hacked the system in 15-20 minutes. According to him, it was not difficult at all. The stolen data contains texts of messages, names and contacts of government officials, usernames and passwords to access the internal TeleMessage panel, and a list of potential clients (agencies, companies, banks).
It’s not a complete database of all TeleMessage users – it’s just a snapshot of what was passing through the company’s servers at a particular moment. But it was enough for the hacker to log in.
One of the hacked chat rooms was called Upstanding Citizens Brigade. One message contained a link to an interview with Trump about his meme. Another message concerned the discussion of the crypto law in the Senate; reports indicate that there is active internal work on promoting the bill. These were not yet public discussions.
Journalists checked the authenticity of the leak. For example, they called the numbers allegedly belonging to employees of the Ministry of Internal Affairs — some of them confirmed their identity. They checked other numbers through OSINT services and confirmed them as well.
The hacked server is located on Amazon AWS infrastructure in Northern Virginia. The journalists also confirmed that the modified Signal from TeleMessage does send messages to this server.
TeleMessage claims that their app retains «the full security of Signal», only adding an archiving function. But this is not true. In classic Signal, only the sender and the recipient can read a message. But with the TeleMessage version, a third party with access to copies intervenes in the conversation.
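The difference described above, as an added example that is not code from TeleMessage, Signal or 404 Media: the first design forwards a clear copy of each message to the archive server, so whoever dumps that server reads everything; the second encrypts the archive copy on the client to a key held only by the records custodian, so a server compromise yields ciphertext and any tampering or re-attribution is detected. The custodian key, the record layout, the function names and the sample message are all assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// ArchiveRecord is one stored copy of a message on the archiving server.
// In the plaintext design Body is the readable message; in the hardened
// design it is AES-GCM ciphertext under a custodian key the server never sees.
type ArchiveRecord struct {
	Sender    string
	Recipient string
	Nonce     []byte // empty for plaintext records
	Body      []byte
	Encrypted bool
}

// demoCustodianKey derives a fixed 32-byte AES-256 key for this example.
// Constructed for the demo: a real deployment provisions this key to the
// records custodian (for instance via an HSM), never to the archive server.
func demoCustodianKey() []byte {
	sum := sha256.Sum256([]byte("constructed demo custodian key"))
	return sum[:]
}

// archivePlaintext models the design the article describes: the client
// forwards a clear copy of each message to the archive server.
func archivePlaintext(sender, recipient, msg string) ArchiveRecord {
	return ArchiveRecord{Sender: sender, Recipient: recipient, Body: []byte(msg)}
}

// archiveEncrypted models a client that encrypts the archive copy to the
// custodian's key before upload. Sender and recipient are bound as associated
// data so a stored record cannot be silently re-attributed to other parties.
func archiveEncrypted(key []byte, sender, recipient, msg string) (ArchiveRecord, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return ArchiveRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return ArchiveRecord{}, err
	}
	ct := gcm.Seal(nil, nonce, []byte(msg), header(sender, recipient))
	return ArchiveRecord{Sender: sender, Recipient: recipient, Nonce: nonce, Body: ct, Encrypted: true}, nil
}

// attackerView is what someone who dumps the archive server's storage sees:
// the stored bytes, with no keys. It is deliberately identical for both designs.
func attackerView(r ArchiveRecord) string {
	return string(r.Body)
}

// custodianRead is the authorised path: the records custodian holds the key,
// so it can decrypt a record and verify that neither body nor header changed.
func custodianRead(key []byte, r ArchiveRecord) (string, error) {
	if !r.Encrypted {
		return string(r.Body), nil
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, r.Nonce, r.Body, header(r.Sender, r.Recipient))
	if err != nil {
		return "", errors.New("archive record failed authentication: wrong key or tampered")
	}
	return string(pt), nil
}

// newGCM wraps AES (key of 16, 24 or 32 bytes) in GCM, giving an AEAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// header is the associated data: who sent the message and to whom.
func header(sender, recipient string) []byte {
	return []byte(sender + "\x00" + recipient)
}

func main() {
	key := demoCustodianKey()
	msg := "Constructed sample: the briefing moved to 15:00." // constructed, not from any leak
	plain := archivePlaintext("official-a", "official-b", msg)
	enc, err := archiveEncrypted(key, "official-a", "official-b", msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("plaintext archive, attacker sees: %q\n", attackerView(plain))
	fmt.Printf("encrypted archive, attacker sees: %x\n", attackerView(enc))
	if pt, err := custodianRead(key, enc); err == nil {
		fmt.Printf("custodian reads: %q\n", pt)
	}
}
```

The point of binding the sender and recipient as associated data is that a record copied from one chat and filed under another fails authentication, which is the kind of integrity property an audit archive needs on top of confidentiality. The archive server still learns who talked to whom and when, so this design reduces the blast radius of a server compromise rather than eliminating it.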
A Signal spokesperson said earlier:
«We cannot guarantee the security of third-party versions of Signal».
The hacker explained that he had hacked into the company’s system out of curiosity, to test its security. He did not want to report the vulnerability to the company itself, because he believes that they would simply «hush up the matter».
«If I could find it in less than 30 minutes — then anyone else could too. And who knows how long this vulnerability has been around?» — the hacker added.
TeleMessage has contracts with many US government agencies, including the State Department and the Center for Disease Control.
After the wave of publicity, the company’s website was completely cleaned up — all references to services, applications, and features disappeared. Previously, it was even possible to download an archiving app directly from the website.
Coinbase confirmed that it was aware of the hack and was investigating the situation. At the same time, the company assured that it did not transmit passwords, seed phrases, or other confidential information via TeleMessage. Representatives of the USPS, Scotiabank, Galaxy Digital, and the Washington police did not comment.
Earlier, a hacker «hacked» OpenAI, but the company concealed it. It is also worth recalling that the United States has put out a manhunt for a hacker who may have hacked «Action» in 2022.
Source: 404 Media