By Elie Monnickendam, Year 12,
Micheal Waltz, National Security Advisor, did a bit too much waltzing on March 11th when he created a group chat on the Signal application. The use of this mobile application (in this context) is a cookie-cutter case of insecure messaging when dealing with sensitive information. This Signal group chat was used to discuss imminent military activity against the Houthis in Yemen. This pep rally-style group chat had many members, notably J.D. Vance (VP), Marco Rubio (Secretary of State) and Pete Hegseth (Secretary of Defence). When Micheal Waltz accidentally added Jeffrey Goldberg (Atlantic’s editor-in-chief), the whole group chat was released to the press and is now known as SignalGate.
OPSEC (operational security) usually dictates sensitive information to be discussed on closed, monitored, and managed sources, so it’s a big surprise so many politically influential figures chose Signal to communicate such valuable info.Signal is an open-source public application! Anyone can look at the code, and it isn’t unheard of to hear stories of countries attempting to hack through Signals encryption. Ironically enough, one too many members of the group chat have made public statements blaming Hillary Clinton’s use of a private email server during her tenure as a US diplomat. The US Defence Dept. recently sent out a department-wide notice warning members of the dept of the dangers of using a non-secured, public application for communication, warning them of its “vulnerability”.
How does one not make this mistake? Good question. In this day and age, it’s difficult to properly communicate without the fear of being listened to. If used for casual, non-classified communication, Signal is an incredible option to communicate with your friends and family. Other apps that work similarly are Briar, Session, SimpleX, Telegram, Threema, Viber and Wire. These applications are independent secure messaging apps that allow users to communicate in more private settings. End-to-end encryption is the most popular method of secure communication. This method forces each user to encrypt the message they want to send before even sending it, which restricts people from reading your messages while they are on their way to the designated receiver. Therefore, E2E encryption is designed to specifically prevent what we call MItM Attacks (man-in-the-middle), which target information while it is in movement.
Some other methods of private communication are auto-deleting messages, which will delete your messages after a predetermined period of time (similar to Snapchat). As we all know, the weakest link in the chain (when it comes tocyber-security) is humans; without secure passwords, you can consider yourself an open book. Keeping your messages private relies heavily on how securely you keep your phone! (Curious about passwords? See: https://www.lgbexpress.com/?p=9840)
If you’re really worried about your messages being read by others, you can encrypt your messages manually! Using a well-known encryption standard such as AES-256, you can lock your messages behind a one-way encryption method that requires a key to decrypt (to make it readable).
Whether you are a doomsday prepper or a security-curious person, it’s always advisable to know how secure your messages are.
