#telemessage

Lisa Needham at Daily Kos:

The New York Times reports that the Department of Homeland Security will no longer be using the software that captures and saves text messages between officials.  Wait. They haven’t been using it since April. Great. So, how does the most sprawling, well-funded, and violent agency go about keeping its communication records these days, given those pesky laws like the Freedom of Information Act and the Federal Records Act? Glad you asked.  Apparently, back in April, DHS started using a new, very high-tech, very efficient way to make sure that they follow the obligations of those laws. Rather than using TeleMessage, the program that had taken care of things automatically, now, it’s much, much simpler. All an official needs to do to preserve their text messages and follow the law is:

Take a screenshot of each message on your work phone

Send it to your work email

Download it to your work computer

Run a program on each screenshot to make it text searchable.

See? Piece of cake! Surely this is much more reliable than the old way, where a piece of software just ran in the background and stored everything. According to DHS, there were cybersecurity concerns with the automatic program TeleMessage, but one small detail there: they switched to the screenshot method in April, but reports of TeleMessage being hacked didn’t appear until early May. Whoopsie!

So weird that this issue has cropped up at the agency most inclined to refuse to provide any information at all about what its people are doing. It was probably inevitable that the same bunch that thinks federal agents should run around masked, armed, and with no visible ID would also eschew keeping any records about it.  DHS has said that this is totally within the law, absolutely, but their own court filings show the unlucky acting chief records officer of the National Archives William Fischer patiently and professionally writing to whatever nonsense flack is handling FOIA for DHS. And, well, here’s poor William trying to square what DHS told American Oversight about their records request with the law.

[...] DHS also made sure to throw its own FOIA staff under the bus. See, when they told American Oversight that they couldn’t find any records, it’s just because they were too stupid to know where to look! “They explained that public information officers had erroneously concluded that the agency lacked the ability to locate responsive records, without searching for manual screenshots. Those became the department’s official record-keeping practice for text messages since April 9.”

Hackers actively scan and exploit a critical flaw in TeleMessageTM SGNL, a messaging app modelled on Signal, stealing passwords by accessing unsecured debug endpoints. If your organisation uses Spring Boot internally, this is a ticking time bomb that demands immediate action.

Source: GreyNoise

TeleMessage, the messaging app used by former National Security Adviser Mike Waltz, has temporarily suspended its services after hackers claimed to have accessed and stolen sensitive data from its platform. The app, a version of Signal with added archiving features, was under investigation after reports of a breach emerged over the weekend. TeleMessage, the communications app used by…

Sen. Ron Wyden (D-Ore.) is calling on the Department of Justice to investigate the risks associat... Senate Democrat calls on DOJ to investigate risks from Signal-like app

Pete Hegseth, the worst ever Secretary of Defense, has apparently been caught using Signal on 12 more occasions for Pentagon business.

Secretary of Defense Pete Hegseth discussed Pentagon business on at least 12 separate Signal app chats, the Wall Street Journal reported Monday, citing people familiar with his management practices. Newsweek reached out to the Pentagon for comment via email on Monday evening.

Hegseth is a typical Trump appointee – a dangerous dumbass – only worse.

The Journal's reporting indicates Hegseth used the encrypted messaging app far more frequently than previously known. Trump administration officials' use of Signal came under scrutiny after The Atlantic reported earlier this year that Hegseth, then-national security adviser Mike Waltz and several other Cabinet-level officials discussed highly sensitive plans for a military strike against Yemen's Houthi militants in a Signal group chat that inadvertently included The Atlantic's editor-in-chief Jeffrey Goldberg.

Trump administration bozos are using a version of Signal which has been hacked.

Signalgate: Modified Signal App Used by Former National Security Advisor Was Hacked