Full Report
A photo taken this week showed Mike Waltz using an app that looks like—but is not—Signal to communicate with top officials. "I don't even know where to start with this," says one expert.
Analysis Summary
# Main Topic
U.S. National Security Advisor Mike Waltz was discovered this week using a messaging application that strongly resembles Signal but is explicitly identified as a different, Israeli-made platform ("TM SGNL" / TeleMessage Signal) while communicating with top officials, which raises significant security and compliance concerns related to federal records retention laws.
## Key Points
- A photograph showed Mike Waltz using an app labeled "TM SGNL" during a White House cabinet meeting.
- The application is identified as TeleMessage Signal, an Israeli-made app, not the standard end-to-end encrypted Signal app.
- This incident follows the prior "SignalGate" scandal involving the use of vanishing Signal messages for coordinating sensitive military strikes, which led to disclosure issues and Waltz's prior removal from his role.
- Experts noted the inappropriateness of using non-hardened, non-federal platforms for sensitive discussions, regardless of the specific app used.
## Threat Actors
- **Actor/Victim:** Mike Waltz (then U.S. National Security Advisor).
- **Other Entities Mentioned:** JD Vance, Marco Rubio, Tulsi Gabbard (contacts in the chat). Jeffrey Goldberg (editor of The Atlantic, previously included in a prior SignalGate chat).
- **Attribution Context:** This is not a report of external malicious hacking by a cyber threat actor, but of an internal security lapse concerning improper use of communications technology by high-level officials.
## TTPs
- **Improper Communications Channel Usage:** Utilizing a non-approved, potentially non-compliant messaging application (TeleMessage Signal) for sensitive government communications involving top officials.
- **Records Retention Evasion/Risk:** The use of vanishing messages or specialized third-party apps heightens the risk of violating federal records retention laws, similar to the earlier SignalGate incident.
- **Technology Misidentification:** The app is visually similar to Signal, suggesting potential confusion or deliberate use of an alternative platform that may lack required federal scrutiny.
## Affected Systems
- **Systems/Platforms Involved:** TeleMessage Signal ("TM SGNL") application used on a mobile device.
- **Scope of Impact:** Communication involving top U.S. officials regarding sensitive matters, leading to potential non-compliance with federal records management protocols.
## Mitigations
- **Platform Hardening:** Communications involving sensitive discussions must occur on special-purpose, hardened federal devices and software platforms.
- **Policy Enforcement:** Strict adherence to mandated federal records retention policies, ensuring all official communications are logged and archived correctly, regardless of end-to-end encryption status.
- **Training/Awareness:** Immediate security refresher training is necessary for high-level officials regarding approved communication toolsets.
## Conclusion
The use of "TM SGNL" (TeleMessage Signal) by a National Security Advisor highlights a continuing vulnerability in the enforcement of secure communications protocols among high-level government staff. The primary threat identified is non-compliance with federal records laws due to the use of unapproved third-party applications, echoing the preceding "SignalGate" breach. Immediate action should focus on retraining personnel to restrict sensitive communications exclusively to validated, hardened federal systems.