[Cryptography] Signal chat fallout.
Douglas Lucas
dal at riseup.net
Fri Mar 28 00:14:24 EDT 2025
At the risk of continuing the off-topic -- although it does fit with the
cryptography-adjacent topic of psuedonyms/handles -- I'd like to point
out that nominative determinism, aptronyms, and the magic of nams has
long been a storied part of history, and could have multiple causes.
E.g., ancient Greek famed advocate of democracy being named Democritus
when Demos- meant "people" and -kratos "rule." More recently, as George
Carlin pointed out, George Bush versus Colin Powell/Dick Cheney
("someone got fucked in the a--"), or more heroically, whistleblower
Reality Winner, who wins at what really matters. While some such
instances could be the result of moustache-twirlers consulting Ouiji
boards in cigar-smoky rooms, it could also simply be the accumulation of
subtle (so-called "subconscious") effects and the tendency of the many,
many (but thankfully decreasing number of) people deeply uncomfortable
with psuedonyms, nicknames, etc; i.e., their tendency to assign excess
value to a person's "single, true" name and to relate to someone on that
basis, rather than just treat a name as a variable sign for an
invariable reference, possibly one that says as much or more about the
parents' choices and personalities than the particular named person's.
Between the polarization of "secret moustache-twirlers determine all
history" and "no secret moustache-twirlers exist, trust your television"
is the multifactorial complexity and fun of life.
Speaking of the Signal chat, there was some coverage claiming it is
possible to "verify" screen names (or whatever they're called) on
Signal, to link them at least to a(n apparent) phone number. Perhaps it
was sloppily stated, but my understanding of Signal is that, any number
can claim to be any name, though I suppose if you actually knew
$Politican's phone number, and that number came up when you pressed the
Signal nym claiming to be $Politician, it would add a lot of credibility
that the chat was real. (For the surface story, of course. It seems
quite possibly not an oopsident to me as well; there's some reporting in
NYT that about a week prior to all this, Waltz was on the outs with the
Trump2 admin, so he was probably a loose cannon, which bolsters the idea
it was intentional on at least his part.)
Douglas
On 2025-03-27 18:56, Roland Ionas Bialke wrote:
> Next to "stupid people doing stupid thing" are red herings, produced
> storytelling and ribbings!
>
> F.E. in the last 12 years in the US there is a ribbing game going on
> with the name of the running mate/vice president. Basically there is
> nothing serious behind it, but just powerful people and politicans,
> from different partys, having fun together in the stressful everyday
> business day.
>
> Look at the names of the running mates JD Vance and TJ Waltz of 2024!
> When you exchange one letter it is JD Dance and DJ Waltz. And this is
> one change away in each name to DJ Dance and DJ Walz. Basically both
> sponsored by the same enterprise Blackrock/Blackston. It is nearly
> interchangable.
>
> Another example of a ribbing: One of Donald Trumps friends is Dana
> White, who is/was strongly involved with UFC. (A promotion where
> people are fighting in a 8-sided cage called Octagon.) I thought Dana
> was a female name. So Donald Trump named a speaker for the Pentagon.
> This was a women with the name Dana White. Funny, Pentagon-Octagon and
> the same name.
>
> Another example was the nomination of Mike Pence as running mate. Do
> you know the exact date? It was really nearby the date where the
> Brexit was announced. Do you get it? Mike for microphone and Pence for
> the small unit of brittish currency. Another example was the
> nomination of Kamala Harris as running mate of Joe Biden. One of the
> biggest uplifters of Donald Trump was Linda McMahon. And she and his
> husband promoted a big match "Undertaker vs. Kamala" at on of the
> Wrestlemania's. In August 2020 Kamala died. His name was Jim Harris.
> The role of the other wrestler was a walking dead man. (Funny homage
> and joke!) Kamala Harris was nominated as running mate in August 2020.
>
> Do you remember when Donald Trump said "Make Amerika Great Again" the
> first time? It was a homage for Dusty "The American Dream" Rhodes. It
> was said by Donald Trump exactly on the day the death of Dusty Rhodes
> was published. He said it the first time to CNN: "The American Dream
> is dead, but..." and then the MAGA line. It was pushed by CNN heavy.
> Ted Turner, longtime owner of CNN was the owner of one of the biggest
> wrestling promotions, Dusty Rhodes worked and booked for.
>
> -
>
> But what is my point?
>
> For somw people it is possible to say and write something with a
> regular text and a sub text. And if you do it well it is not sounding
> cryptic... Basically your initial rant is wrong. You can communicate
> public (in plain sight) and still communicate private. This is no new
> stuff! I guess Satoshi Nakamoto did this in his name. And trust me -
> this harmless thing with the chat +1 is not sinister. It is produced
> (produced in an entertainment meaning). There is a lot of other evil
> stuff going on. Do you remember the ukrainian pregnant women in the
> bombed child hospital 2 or 3 years ago? Do you remember the TM Crooks
> thing? I could trademark this crooked stuff.
>
> Short:
>
> Just talk on the phone! It is understood. No FUD!
>
> Sorry, for my bad english - I am a german native speaker.
>
> Have fun,
>
> Roland Ionas Bialke
>
> OHO SATANIST AMOK
> Ray Dillinger schrieb am 27.03.2025 02:41 (GMT +01:00):
>
>> I have told people time and again that nothing happening on a cell
>> phone
>> should be considered private. Cell phones, regardless of how good
>> an
>> individual piece of software on them may be, leak like mesh bags
>> full of
>> loose shit and unless completely redesigned from the ground up
>> absolutely have no place in any security infrastructure. There are
>> a
>> lot of reasons for this, from malevolent apps to Stingrays to
>> whatever
>> else. But the biggest reason is that if you use a device to do
>> insecure
>> things, you want it to be quick and convenient and free of checks
>> and
>> stumbling blocks, and you want to be able to configure it for your
>> convenience. Such a device rapidly becomes a device which you
>> cannot
>> trust to do secure things. You want it to carry out your commands
>> rather than refuse them for security reasons, and when you're doing
>> insecure things you tend to give a lot of commands and make a lot of
>>
>> configurations which are not suitable for a secure device.
>>
>> It's possible, and tremendously easy, for ordinary people to screw
>> up
>> their phones in ways that make them insecure. Insecurity is the
>> default
>> condition of all cell phones. And when you have screwed up,
>> everything
>> appearing on the screen of their phone, or in front of its cameras
>> or
>> microphones, is available to attackers. In the case of powerful
>> officials in national governments, it's even worse. There are
>> entire
>> teams of very sharp people with access to tools and secrets, in
>> multiple
>> countries trying to induce or take advantage of any such screwup.
>> If
>> you're a high official in a government, you have to treat your phone
>> as
>> a completely public device that cannot be trusted to hold any secret
>> for
>> anybody. Whatever's on it, is most likely known to whatever
>> adversary cares.
>>
>> And now, because of a colossal screwup, we have word about American
>> officials (Vice President JD Vance, Secretary of Defense Pete
>> Hegseth,
>> CIA director John Ratcliffe, Director of National Intelligence Tulsi
>>
>> Gabbard, National Security Adviser Mike Waltz, Secretary of State
>> Marco
>> Rubio, and others, ALL OF WHOM KNOW, PROFESSIONALLY, THAT PHONES
>> LEAK
>> LIKE MESH BAGS FILLED WITH DIARRHEA) discussing plans for bombing
>> the
>> Houthi in Yemen, in real time, on their damn phones!
>>
>> I can hardly count the number of fundamental mistakes required to
>> even
>> reach the point of using a Signal chat to discuss these things on
>> cell
>> phones, but all those mistakes were made. Mike Waltz apparently
>> made an
>> *ADDITIONAL* mistake and added Jeffrey Goldberg, an editor-in-chief
>> of
>> The Atlantic Magazine, into a private group that, two weeks later,
>> had
>> the discussion in question. This mistake, like most of the rest,
>> should
>> not have been possible. In a system set up for secure
>> communications,
>> the contact information available would not have included Goldberg,
>> nor
>> anyone else whose security information had not been vetted. There
>> would
>> have been one person authorized to add people to the contact list,
>> and
>> several other people whose job would be vetting each person's
>> security
>> clearance with respect to the subject matter before opening the
>> communication.
>>
>> Additionally, the use of an e2e app which automatically deletes
>> messages
>> (one of Signal's features) for government business appears to be a
>> violation of the US Federal Records act. Any discussion of
>> government
>> business in text is a federal record, and the Federal Records Act
>> requires that it must be preserved, giving subsequent office holders
>> and
>> officials at least some insight into what their predecessors
>> committed
>> to, or were promised, and why and when and by whom. And also
>> preserving
>> information in case it needs to be researched and/or investigated.
>> Nothing in a phone prevents this from being deleted. This is yet
>> another reason why cell phones as we understand them are not capable
>> of
>> being used for government business (and cynically speaking, likely
>> part
>> of the motivation for using them - these are people with guilty
>> consciences who want to avoid scrutiny). And who is responsible for
>>
>> seeing that the National Records act is observed? Why, the National
>>
>> Archivist - Marco Rubio, who is also the Secretary of State, who was
>>
>> actually on the chat violating the National Records act!
>>
>> The messaging app involved was 'Signal' - an encrypted
>> communications
>> app that does e2e encryption. If such an app works perfectly, only
>> someone who can see the screen of your phone will know what is being
>>
>> said. See above about phone operating systems and attackers being
>> able
>> to see what's on the screen of your phone from the middle of a
>> different
>> continent. But 'Signal' was not working perfectly. On February 25,
>> the
>> NSA had sent an urgent bulletin to all of its employees warning of
>> multiple vulnerabilities in Signal being taken advantage of in the
>> wild.
>> On March 18, a week before this disaster, chat, the Pentagon had
>> issued
>> a special bulletin on how Russian hackers exploit signal. That seems
>>
>> like the sort of thing that the National Security Adviser and the
>> Secretary of Defense, both of whom were on the chat, damn well ought
>> to
>> have been fully aware of.
>>
>> I'm a bit salty about this, because it goes so far beyond left/right
>>
>> politics. This is a piece of sheer towering incompetence,
>> lawbreaking,
>> and just plain bad faith, on the part of effectively everybody
>> involved
>> except one person.
>>
>> That Person? The only person on that chat who was not violating
>> law,
>> professional ethics, sworn oaths, and duty to his country? Jeff
>> Goldberg. Honest to God he's literally the ONLY person there who
>> wasn't
>> breaking the law.
>>
>> 'Scuse my rant, but ... these are the supposed professionals, right
>> at
>> the very top of the people who have the greatest need for security,
>> with
>> all the resources the US government has to provide security, and
>> they
>> have not a single CLUE about security. How the hell can I convince
>> ANYONE to take security seriously, if these clowns don't?
>>
>> Bear
>>
>> _______________________________________________
>> The cryptography mailing list
>> cryptography at metzdowd.com
>> https://www.metzdowd.com/mailman/listinfo/cryptography
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> https://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list