Recorded Future intelligence analyst Allan Liska joins TaiwanPlus News to discuss the risks around high level U.S. officials leaking military operation plans while using a commercially encrypted messaging app.
Category
🗞
NewsTranscript
00:00This story really starts with government officials using a commercial app
00:05opposed to a secure government-developed app.
00:08What are the risks that these officials are taking when they're using Signal to communicate what is perceptively classified information?
00:16So there are a few things that are concerning with this. One is
00:20that we don't know if this was on government-issued devices or personal devices and
00:26obviously your personal devices are much more susceptible to
00:30attacks and every person who was on that text chain is a target. So even if
00:37Signal isn't compromised,
00:39their personal devices could be and everything that's on those devices could be flowing off into
00:46you know, into enemy hands. But the other thing is, at least in the US, there are records requirements that
00:54all
00:55military operations have to follow and Signal is, as secure as Signal is, it doesn't meet the demands of those record
01:03requirements. So,
01:04you know, that means that conversations are having, are in place that aren't
01:10necessarily going to be recorded the way they should and and that information, the information that's being shared, is
01:17government property.
01:19So, just like any other military operation, the information being shared there is
01:23government property and now there's no record of what was being said or what why decisions were made.
01:29So, have there been incidences of other
01:31information with that, while still sensitive, is lower level,
01:35but it's still leaked on these messaging apps such as WhatsApp or Facebook Messenger, apps that would not be considered
01:43secure for sensitive information communication.
01:45I mean, absolutely. I mean, even inadvertently, you know, we've seen the stories repeatedly about how you can track
01:53secret military bases by people going running with their fitness watches
02:00and, you know, uploading the information from there, you know, from those watches
02:04to the cloud and then suddenly that's
02:07available for everybody to see. So, there are all kinds of things that happen and it shouldn't, but it definitely happens.
02:15And, you know, in sometimes in a battlefield or in an emergency situation,
02:20you don't have any choice to do this. So, in the current cyber warfare environment,
02:24we're seeing more advanced attacks and, like you said, each person on this communications chain has a device that could potentially be at risk.
02:32What steps do, say, Taiwanese or U.S. officials need to take to ensure that
02:38these mistakes don't happen again and that sensitive information stays secure?
02:42So, communication should always be done on authorized government devices and
02:48those government devices should be constantly going through audits, looking for malware, looking for intrusions,
02:54looking for the types of access that we worry about. So, that's the first thing.
03:02Again, sometimes that's not going to be the case. There are
03:06exceptions where you may have to use your personal device in a field or whatever.
03:11And in cases like that, there should be strict guidelines from government offices about
03:19how and when that can be used and what level of information would be shared. We never wanted to disrupt military operations
03:27or slow them down because of regulations, but we always have to make sure you're being secure.
03:35It doesn't do you any good if you feel like you have to use your personal device in the battlefield and you're just sharing everything
03:42that you're sending to other people in the field with an enemy combatant and
03:47that could literally be happening in any of these cases.