The so-called SIGNALGATE incident raises so many questions and offers so many avenues of analysis and critique that we may be missing some big picture issues that arise from the details. Permit me to suggest two:
First, what is the full extent of the damage caused by NSC Principals using Signal over the last three months and how do we prevent Chinese and Russian attacks on our devices and networks?
Salt Typhoon is the codename that the cyber security world uses to describe the largest espionage operation in recent history, the Chinese intelligence agency’s penetration of all of the major US telecoms companies’ networks. We, the public, do not know the extent of the damage or the success of the telecoms companies’ attempts to evict the Chinese spyware, in part because an organization that was conducting a damage assessment was abolished by the Elon Musk-led “efficiency” effort.
Although both the government and the telecoms companies have been secretive about the extent of the damage, what they have said indicates that China used its access to the telecoms providers to target the voice, e-mail, and text communications of government officials and prominent Americans. The penetrations went on for months unnoticed and may be continuing. It is likely that the Salt Typhoon attack targeted the personal and government-issued devices of Secretary of Defense Hegseth, Secretary of State Rubio, National Security Advisor Waltz, National Intelligence Director Gabbard, and others with access to the most secret and sensitive information in the US government.
The unclassified mobile phones given to NSC Principals by their departments and agencies come loaded with security applications and are monitored for Indications of Compromise (IOCs), but Russian and Chinese intelligence have demonstrated the ability to circumvent even the best security tools, as in the well-known SolarWinds case of the Russian defeat of CrowdStrike security.
Given the capability of the Chinese operators, it is likely that they could have downloaded spyware from the compromised telecoms onto the targets’ personal devices. Once on the device, the spyware can read anything sent or received on Signal.
Even putting aside that massive Chinese attack on the networks, we know that private companies, such as the Israeli firm NSO, have been able to develop malware that has permitted attackers to plant spyware on endpoints, including both iPhones and Android devices. Indeed, there is a global black market in iPhone and Android “zero-day” attack malware, with current prices running $5-7 million US. The world’s better intelligence agencies have also likely developed and utilized such capability.
This all leads to three unanswered questions that go beyond whatever compromise occurred regarding the attack on Yemen:
o What other classified subjects have the NSC Principals been chatting about on Signal?
o What has been the state of security of the devices, personal and government-issued, on which such chats have taken place? (Sen. Mark Warner has called on the FBI to seize and forensically examine the devices in question.)
o What is the overall damage assessment from the Salt Typhoon attack and what are the steps being taken to determine if the Chinese have been totally expelled from our telecoms companies, and to ensure that such a massive breach does not take place again?
Republican Chairman of the Senate Armed Services Committee Roger Wicker has called for a DOD Inspector General investigation and report that would address some of these questions. Trump, however, fired the DOD Inspector General.
Second, what is the policy behind the attack on Yemen that was being discussed on Signal, does it make sense, and is it likely to succeed?
With all the focus on mobile phones, encryption, and the difference between “war plans” and “attack plans,” most commentary on Signalgate has missed the fact that what was being discussed in the now infamous group chat was a bombing campaign in Yemen. Most Americans likely have little or no understanding of why US warfighters were bombing Yemen, or that we have continued the bombing since that first strike discussed on Signal.
To protest Israel’s operations in Gaza, a faction that controls most of Yemen, known as the Houthis, has been attacking Israel with drones and missiles and also striking commercial shipping in the Red Sea. Iran has been supplying the Houthis with the missiles and other arms they have used in their attacks.
The US and eight NATO countries have been protecting the commercial shipping. The US and UK have also bombed Yemen to preempt and deter such attacks. President Biden ordered dozens of strikes in 2024, including the use of cruise missiles, fighter-bombers, drones, and B-2 bombers.
The Yemenis stopped their attacks when the Gaza cease-fire went into effect. Assuming the Houthis’ attacks would be reinitiated following Israel’s ending of the cease-fire, the Trump Administration launched a large-scale series of preemptive attacks on Yemen. The first of those attacks was what the NSC Principals were discussing in the PC Small Group chat.
What is new about the Trump administration’s attacks on Yemen, as contrasted with Biden’s, is that the targets went beyond missile launchers and other military targets. The US attacked Houthi leadership facilities and civilian homes in which Intelligence believed key individuals might be present. In particular, they targeted a leader of the Houthis’ missile programs. Trump’s attacks also involved more simultaneously hit targets and a multi-day, sustained strike.
The Congress and the American people should be asking what is the end game here?
o Why are we doing it?
o How do we judge success?
o What is it that we think the bombing will accomplish?
o How long must the bombing go on?
o And, importantly, what are the rules of engagement and collateral damage guidelines regarding striking civilian homes and non-military facilities?
As a candidate, Trump campaigned to end “forever wars.” Yet, he has started a major military campaign without a speech to Congress or to the American people. Administration officials have talked about the need to protect Israel, to ensure freedom of navigation, and to counter malign Iranian influence in the region. All of those sound like worthy motivations, but how much each one matters to the Administration and how they intend to achieve them is unclear.
Although the Administration has not clearly disclosed its plan, it may be attempting the kind of “decapitation” strategy that Israel has used in Gaza and Lebanon, seeking to kill the leaders and then their replacements until the organization becomes ineffective. Such a strategy requires excellent intelligence, sustained bombing, and patience.
The decapitation of the de facto government of much of the country should also involve its replacement.
There are other factions in Yemen, some backed by Saudi Arabia and the United Arab Emirates, eager to replace the Houthis, but regional and tribal politics probably require a government of national unity for there to be peace. Such a government could only come about as a result of a negotiation among the Yemenis, brokered by outsiders, such as the country’s Arab neighbors. Past attempts at peace talks and power sharing have failed, as have earlier attempts to destroy the Houthis by force. A major Saudi-UAE bombing campaign and ground force intervention attempted a decade ago failed to dislodge the Houthis and unite the country under one coalition government. Indeed, although the Obama Administration initially supported the Saudi-UAE intervention militarily and diplomatically, it eventually pressured the two sides to stop because their significant efforts had failed to defeat the Houthi faction and were causing extensive civilian casualties.
All of these questions and background are not meant to suggest that the Trump policy on Yemen is inappropriate. It may or may not be. Since we do not know the answers to some basic questions about what we are doing in Yemen, it is hard to judge. However, while the Congress and media are asking detailed questions about the Signal messaging application, they may also want to inquire as to why the United States military has been directed to kill people in Yemen. Those answers may be as important as who loaded Jeffrey Goldberg’s Signal account on Mike Waltz’s iPhone.
Richard Clarke served for thirty years in national security roles in the US government, including ten years in the White House under three presidents. He is the CEO of Good Harbor Security Risk Management. (richardaclarke.net)