Share this article on:
Powered by MOMENTUMMEDIA
Breaking news and updates daily.
The Trump administration’s national security adviser has once again been caught out for poor security practices after it was reported that he was using his own Gmail account for government discussions.
According to a report by The Washington Post, which cited three anonymous government officials and government documents, an aide to US national security adviser Mike Waltz used a consumer Gmail for “highly technical conversations with colleagues at other government agencies involving sensitive military positions and powerful weapons systems relating to an ongoing conflict”.
Additionally, Waltz himself received “less sensitive, but potentially exploitable information” such as work documents and schedules to his own private Gmail account.
Gmail accounts are frequently targeted by threat actors, nation-state or otherwise, who use phishing attacks, malware, account compromise and more. As a result, the government officials cited by The Washington Post noted the handling of the data by Waltz and his aid as “problematic”.
During the 2020 election, security researchers discovered that Chinese threat actors were targeting the personal emails of Joe Biden’s presidential campaign staff, while the year before, Trump’s 2020 presidential election campaign staff were being targeted by Iran state-sponsored threat actors.
Waltz’s latest alleged security mishap closely follows last month’s leak of sensitive Yemen strike plans by himself and a handful of other senior Trump administration national security staff after Waltz accidentally added editor-in-chief of The Atlantic Jeffrey Goldberg to a Signal chat.
Goldberg said he was sent a connection request by a user going by “Michael Waltz”, who then added him to a group chat called the “Houthi PC small group”, where details of the strikes were discussed.
Members of the group included US Vice President JD Vance, Secretary of Defence Pete Hegseth, Secretary of State Marco Rubio, and Director of National Intelligence Tulsi Gabbard.
National security lawyers speaking with Goldberg said that US officials should not be creating Signal threads at all and that national security matters should be discussed in a sensitive compartmented information facility, or SCIF, something most high-ranking national security officials have in their own homes. The only alternative would be to use government equipment for communication.
Additionally, Goldberg noted that SCIFs do not allow mobile phones, suggesting the operation was discussed in a public space.
“Had they lost their phones, or had they been stolen, the potential risk to national security would have been severe,” Goldberg said.
Furthermore, Goldberg noted that the messages were set to disappear after either a week or four weeks, which may be a violation of federal records law as communications about official acts are required to be preserved.
Be the first to hear the latest developments in the cyber industry.