Signal Clone Used by Govt Officials Hacked

The Frank Staff


May 6, 2025


A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has reported.

The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.

The hack shows that an app gathering messages of the highest-ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.

Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media.

The breach is hugely significant not just for those individual customers, but also for the U.S. government more widely. On Thursday, 404 Media was first to report that then-U.S. National Security Advisor Waltz accidentally revealed he was using TeleMessage’s modified version of Signal during the cabinet meeting. The use of that tool raised questions about what classification of information was being discussed across the app and how that data was being secured, and came after revelations that top U.S. officials were using Signal to discuss active combat operations.

The hacker did not access all messages stored or collected by TeleMessage, but could have likely accessed more data if they decided to, underscoring the extreme risk posed by taking ordinarily secure end-to-end encrypted messaging apps such as Signal and adding an extra archiving feature to them.

“I would say the whole process took about 15-20 minutes,” the hacker said, describing how they broke into TeleMessage’s systems. “It wasn’t much effort at all.” 404 Media does not know the identity of the hacker, but has verified aspects of the material they have anonymously provided.

The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers. The data is not representative of all of TeleMessage’s customers or the sorts of messages it covers; instead, it is snapshots of data passing through TeleMessage’s servers at a point in time. The hacker was able to log in to the TeleMessage backend panel using the usernames and passwords found in these snapshots.

A message sent to a group chat called “Upstanding Citizens Brigade” included in the hacked data says its “source type” is “Signal,” indicating it came from TeleMessage’s modified version of the messaging app. The message itself was a link to a tweet posted on Sunday, which is a clip of an NBC Meet the Press interview with President Trump about his memecoin. The hacked data includes phone numbers that were part of the group chat.

One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”

This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; on Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.

One screenshot of the hacker’s access to a TeleMessage panel lists the names, phone numbers, and email addresses of CBP officials. The screenshot says “select 0 of 747,” indicating that there may be that many CBP officials included in the data. A similar screenshot shows the contact information of current and former Coinbase employees.

Another screenshot obtained by 404 Media mentions Scotiabank. Financial institutions might turn to a tool like TeleMessage to comply with regulations around keeping copies of business communications. Governments have legal requirements to preserve messages in a similar way.

Another screenshot indicates that the Intelligence Branch of the Washington D.C. Metropolitan Police may be using the tool.

The hacker was able to access data that the app captured intermittently for debugging purposes, and would not have been able to capture every single message or piece of data that passes through TeleMessage’s service. However, the sample data they captured did contain fragments of live, unencrypted data passing through TeleMessage’s production server on their way to getting archived.

404 Media verified the hacked data in various ways. First, 404 Media phoned some of the numbers listed as belonging to CBP officials. In one case, a person who answered said their name was the same as the one included in the hacked data, then confirmed their affiliation with CBP when asked. The voicemail message for another number included the name of an alleged CBP official included in the data.
