Norms Impact

The Signal Clone the Trump Admin Uses Was Hacked

A government-facing Signal clone built to archive officials’ messages was breached, exposing how outsourced retention systems can quietly strip security guarantees from top-level communications.

Executive

May 4, 2025

Summary

A hacker breached TeleMessage and stole customer data, including contents of some direct messages and group chats sent through TeleMessage’s modified Signal and other messaging apps used for archiving.
The breach shows that archived chat logs tied to senior government communications can be accessed without end-to-end encryption protecting them between the modified app and the customer-controlled archive destination.
The practical consequence is that sensitive government-adjacent and institutional communications can be exposed through a third-party archiving pipeline that can be “trivially” compromised.

Reality Check

Outsourcing the capture and archiving of senior officials’ chats into a system that can be “trivially” accessed sets a precedent where sensitive governance communications are effectively routed through a weaker, hackable backdoor—eroding our collective security and the privacy of anyone pulled into these conversations. On this record, the conduct described is primarily a catastrophic security and records-risk failure rather than clearly chargeable criminality; the breach itself is most plausibly criminal on the hacker’s side under the Computer Fraud and Abuse Act (18 U.S.C. § 1030) and could implicate wire fraud (18 U.S.C. § 1343) depending on the access methods and intent. The deeper democratic harm is institutional: when end-to-end encryption is broken at the archiving layer, “secure messaging” becomes compliance theater that invites surveillance, leaks, and manipulation without meaningful accountability to the public.

Detail

A hacker breached TeleMessage, an Israeli company that provides modified versions of Signal and other messaging apps to U.S. government customers for message archiving, and stole customer data. The stolen material includes contents from some direct messages and group chats sent using TeleMessage’s Signal clone, as well as TeleMessage-modified versions of WhatsApp, Telegram, and WeChat.

TeleMessage drew attention after Mike Waltz was seen using the tool during a cabinet meeting with President Trump. The breached data reflects that Waltz’s chats on the app included recipients whose identities appear to be Marco Rubio, Tulsi Gabbard, and JD Vance, but the hacker did not obtain messages belonging to cabinet members, Waltz, or his conversation counterparts.

The breach indicates the archived chat logs were not end-to-end encrypted between the modified messaging app and the ultimate archive destination controlled by the TeleMessage customer. Screenshots of messages and backend systems show hacked material included data related to Customs and Border Protection, Coinbase, and other financial institutions.