Trump’s Signalgate proves, once again, that human error is still the number one cybersecurity threat


As "Signalgate" continues to plague the Trump administration, including the discovery of 20 more White House-created Signal chat groups on Wednesday, security experts weigh in on national security, human error, and the growing need for modern communications – even for highly sensitive government positions.

The White House security blunder – the accidental addition of a seasoned journalist to a White House cabinet-member Signal chat group discussing active war plans last month – serves to remind us that humans are still the number one threat when it comes to protecting sensitive information.

In fact, a Mimecast cyber resilience report (coincidentally, published just two weeks before the White House Signal debacle) found that in 2024, “human risk [once again] surpassed technology gaps as the biggest cybersecurity challenge for organizations around the globe.”


Proving the point, multiple reports on Wednesday confirmed that Trump’s top security officials not only regularly used their personal Gmail accounts for White House business but were actively messaging each other via at least 20 other Signal group chats explicitly created to discuss issues such as Ukraine, China, Gaza, and more.

US President Donald Trump (L), Vice President JD Vance (C), and Secretary of Defense Pete Hegseth at the Oval Office. February 07, 2025. Washington, DC. Anna Moneymaker/Getty Images

“Our national security leaders took the decision that we all take every day, albeit on a larger stage: compromise privacy and security for the convenience and ubiquity of cellular-based comms,” said John Doyle, founder and CEO of Cape, a privacy-first mobile network designed specifically for high-risk users.

Mimecast's 2025 State of Human Risk report reveals that a whopping “95% of all data breaches are caused by human error,” listing insider threats, credential misuse, and human missteps as the most common.

The research also showed that security professionals believe there is a roughly 83% risk of employees inadvertently leaking data and oversharing company information on social media, and a more than 75% risk of employees using personal accounts and smartphones for work-related tasks. Sound familiar?

Research from Mimecast's 2025 State of Human Risk report. Image by Mimecast.

National security unravels on Signal

The Signal chat group at the center of it all was admittedly created by a staffer working for National Security Advisor Mike Waltz to discuss a pending US military strike on Houthi rebels in Yemen.


The encrypted Houthi chat – filled with highly sensitive and now declared "unclassified" information – had been seen in full by The Atlantic’s Jeffrey Goldberg in the lead-up to the bombings, and, if in the wrong hands, essentially could have put the entire mission and military lives at risk.

And although Trump has claimed the exposed Signal-induced war plan chatter had "no impact at all" on the operation, a federal judge has since ordered the chat to be “preserved,” presumably for any future disciplinary action that could take place.


“We think we can get away with it until something bad happens – someone's stolen our identity, or in this case, gotten a peek at classified war plans with lives on the line,” Doyle explained.

“This story, as surprising as it seems, is bound to repeat itself until we accept that modern mobile is how we communicate – from teens to fighters in Ukraine to our nation's leaders. We need to find a way to make it more secure,” Doyle said.


Goldberg, who published a piece exposing the incredible national security f—up on March 24th, claimed to have eventually removed himself from the chat, practically comparing the incident to quietly backing out of a room where one has walked in on their parents having sex.

Subsequently, the White House fail has led to a fine-toothed investigation aimed at uncovering all the potentially insecure communication methods used by top officials in Washington, and what a find it's been.


Arne Möhle, CEO at Tuta Mail, an end-to-end encrypted email provider similar to Signal, says that the entire scenario underlines a crucial risk with group chats: “Secure communication is meaningless if you’re not certain who you’re talking to.”

“Encryption is only part of the equation. It can guarantee data remains confidential, but it cannot automatically verify who is part of a conversation,” Möhle said, highlighting the threat of man-in-the-middle attacks. Even with key verification, “human error as in the case here remains a risk,” he said.

Besides the twenty chat groups sourced by Politico, the Washington Post additionally reported on Wednesday that one of Waltz's senior aides also used their Gmail account to share information involving "highly sensitive military positions and weapon systems in an ongoing conflict."

To be fair, the Post noted that Waltz, unlike his National Security Council (NSC) counterparts, including US Vice President JD Vance, Secretary of Defense Pete Hegseth, and Secretary of State Marco Rubio, had never used his personal email account to send classified material.

The media even uncovered that one of Elon Musk’s DOGE lackeys – now a top official for the government efficiency agency and assigned to the US Justice Department (DoJ) – was actually a self-confessed former hacker and distributor of pirated software.

According to a Reuters exclusive, the 33-year-old former X and SpaceX employee had been found bragging about his unsavory actions on several online forums from barely a decade ago. (But, more on DOGE later).


The human factor, China, and insider attacks

When it comes down to brass tacks, Möhle pointed out that “government officials shouldn’t have used Signal for these discussions in the first place,” and not because of any weakness in key encryption, but because of the "legal requirements" of the US government.

Möhle further connected the security lapse to the recent attacks on US telecommunications companies carried out by Chinese-backed threat actors Salt Typhoon, which is still an active and ongoing threat.


Salt Typhoon has already been blamed for several hacks, including those of telecom giant Verizon and of the phone records of then-presidential candidates Trump, Vance, and several Harris staffers in the months leading up to the November election.

“Highly targeted individuals should assume that all communications between mobile devices – including government and personal devices – and internet services are at risk of interception or manipulation,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in a 2024 advisory.

In December, CISA released a five-page “Mobile Communications Best Practice Guide” warning that the Chinese threat actors were actively targeting telcos to “steal call records & compromise communications of highly targeted individuals.”

Ironically, the guide urged those in senior government positions to “use end-to-end encrypted communications, such as Signal or similar apps.” The Trump team must have been paying attention.

There have also been rumblings that the Trump administration needs to be on the lookout for the threat of insider attacks, which are rooted in the human factor.

We know that China and Russia have both been shopping around for disgruntled federal employees to act as turncoats against the US government.

And given the mass of DOGE-instigated layoffs affecting thousands of federal workers across dozens of agencies, there may be a line out the door of folks more than willing to “stick it to the man,” so to speak.

Foreign-linked entities have been observed by threat intelligence researchers trying to recruit these former workers, luring them with job offers from fake consulting and head-hunting firms with ads posted on LinkedIn and Craigslist – all with the intent of gathering intelligence. In some cases, the workers innocently share sensitive information with the malicious actors via their new jobs without even realizing it.

So, is there even a solution?


As the fallout from Signalgate continues and nation-state attacks hide around every corner, the world will watch to see how the White House adjusts its communication styles and choices moving forward.

Will the logistical need for personal devices (especially when traveling abroad) and the ease of commercial messaging apps and personal accounts, like Signal and Gmail, even come into play for the rest of Trump's term now that the lid has been blown off the roof, so to speak?

We already know that anyone in Trump’s inner circle has been marked for scrutiny by the mainstream media for the next four years, so maybe this could be the security wake-up call America needs to ensure sensitive communications are more than adequately protected in Washington.

“Security isn’t just about technology; it’s about people," said Möhle.


"When looking at the current White House teams, it appears that some key people lack the willingness or capability to take secure communication seriously enough, according to official requirements."

“The situation looks even more uncertain when taking into consideration that some teams – like the DOGE employees – are very young (19–25 years old),” said Möhle.

“These people are used to communicating via their personal phones and with their favorite chat apps. Without proper guidance, it’s likely that they will remain unwilling to change their habits to using officially qualified means of communications,” he said.

It looks as if we're in for a bumpy ride no matter how this plays out.

Nevertheless, with significant breakthroughs expected around AI communication tools in the next few years, maybe the Zillennial penchant for dumb electronics will be the next trend to take hold over Capitol Hill. However, it didn’t work quite so well for Hezbollah.
