獨家：駭客入侵特朗普助手使用的通訊應用程式，竊取廣泛的美國政府數據

Recently Yahoo News on-line picked up the following:

Exclusive-Hacker who breached communications app used by Trump aide stole data from across US government

Reuters -  AJ Vicens, Raphael Satter

Updated Wed, May 21, 2025 at 8:04 a.m. PDT·4 min read

WASHINGTON (Reuters) -A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn questions about data security in the Trump administration.

Reuters identified more than 60 unique government users of the messaging platform TeleMessage in a cache of leaked data provided by Distributed Denial of Secrets, a U.S. nonprofit whose stated mission is to archive hacked and leaked documents in the public interest. The trove included material from disaster responders, customs officials, several U.S. diplomatic staffers, at least one White House staffer and members of the Secret Service. The messages reviewed by Reuters covered a roughly day-long period of time ending on May 4, and many of them were fragmentary.

Once little known outside government and finance circles, TeleMessage drew media attention after an April 30 Reuters photograph showed Waltz checking TeleMessage's version of the privacy-focused app Signal during a cabinet meeting.

While Reuters could not verify the entire contents of the TeleMessage trove, in more than half a dozen cases the news agency was able to establish that the phone numbers in the leaked data were correctly attributed to their owners. One of the intercepted texts' recipients - an applicant for aid from the Federal Emergency Management Agency - confirmed to Reuters that the leaked message was authentic; a financial services firm whose messages were similarly intercepted also confirmed their authenticity.

Based on its limited review, Reuters uncovered nothing that seemed clearly sensitive and did not uncover chats by Waltz or other cabinet officials. Some chats did seem to bear on the travel plans of senior government officials. One Signal group, "POTUS | ROME-VATICAN | PRESS GC," appeared to pertain to the logistics of an event at the Vatican. Another appeared to discuss U.S. officials' trip to Jordan.

Reuters reached out to all the individuals it could identify seeking comment; some confirmed their identities but most didn't respond or referred questions to their respective agencies.

Reuters could not ascertain how TeleMessage had been used by each agency. The service - which takes versions of popular apps and allows their messages to be archived in line with government rules - has been suspended since May 5, when it went offline "out of an abundance of caution." TeleMessage's owner, the Portland, Oregon-based digital communications firm Smarsh, did not respond to requests for comments about the leaked data.

The White House said in a statement that it was "aware of the cyber security incident at Smarsh" but didn't offer comment on its use of the platform. The State Department didn't respond to messages. The Secret Service said TeleMessage products had been used "by a small subset of Secret Service employees" and that it was reviewing the situation. FEMA said in an email that it had "no evidence" that its information had been compromised. It didn't respond when sent copies of internal FEMA messages. A CBP spokesperson repeated a past statement noting that it had disabled TeleMessage and was investigating the breach.

 

METADATA RISK

Federal contracting data shows that State and DHS have had contracts with TeleMessage in recent years, as has the Centers for Disease Control. A CDC spokesperson told Reuters in an email Monday that the agency piloted the software in 2024 to assess its potential for records management requirements "but found it did not fit our needs." The status of the other contracts wasn't clear. A week after that hack, the U.S. cyber defense agency CISA recommended that users "discontinue use of the product" barring any mitigating instructions about how to use the app from Smarsh.

Jake Williams, a former National Security Agency cyber specialist, said that, even if the intercepted text messages were innocuous, the wealth of metadata - the who and when of the leaked conversations and chat groups - posed a counterintelligence risk.

"Even if you don't have the content, that is a top-tier intelligence access," said Williams, now vice president of research and development at cybersecurity firm Hunter Strategy.

Waltz's prior use of Signal created a public furor when he accidentally added a prominent journalist to a Signal chat where he and other Trump cabinet officials were discussing air raids on Yemen in real time. Soon after, Waltz was ousted from his job, although not from the administration: Trump said he was nominating Waltz to be the next U.S. ambassador to the United Nations.

The circumstances surrounding Waltz's use of TeleMessage haven't been publicly disclosed and neither he nor the White House has responded to questions about the matter.

(Reporting by Raphael Satter and AJ Vicens; Editing by Chris Sanders and Anna Driver)

Translation

獨家：駭客入侵特朗普助手使用的通訊應用程式，竊取廣泛的美國政府數據

華盛頓（路透社）- 據路透社報道，本月早些時候，一名黑客入侵了特朗普前國家安全顧問 Mike Waltz 使用的通訊服務，並截獲了比之前報道的更廣泛的美國官員的信息，這可能會加劇此次入侵事件的風險，而此次入侵事件已經引發了人們對特朗普政府數據安全的質疑。

路透社在美國非謀利組織Distributed Denial of Secrets 提供的洩漏據快取裡, 發現了超過 60 名使用訊息平台 TeleMessage 的政府用戶，該組織聲稱其使命是為公眾利益存檔被駭客入侵和洩露的文件。這些珍貴資料包括災難救援人員、海關官員、幾名美國外交人員、至少一名白宮工作人員和特勤局成員的資料。路透社審查的資訊涵蓋了截至 5 月 4 日大約一天的時間，其中許多都是零碎的。

TeleMessagen 在政府和金融圈外曾經是鮮為人知，但自從 4 月 30 日路透社拍攝的一張照片顯示Waltz 在內閣會議上查看 TeleMessage 的隱私應用版本 Signal 後，TeleMessage 便引起了媒體的關注。

儘管路透社無法核實 TeleMessage 資料的全部內容，但在超過六件案例中，該新聞機構能夠確定洩漏資料中的電話號碼確實屬於的所有者。其中一名被截獲簡訊的接收者 -  一位聯邦緊急事務管理局的援助申請人 - 向路透社證實，洩露的資訊是真實的；一家金融服務公司的資訊也遭到了類似的截取，並證實了其真實性。

根據路透社的有限查閱，沒有發現任何明顯敏感的內容，也沒有發現 Waltz 或其他內閣官員的聊天記錄。一些談話似乎確實與政府高級官員的旅行計劃有關。一個信號組 "POTUS | ROME-VATICAN | PRESS GC" 似乎與梵蒂岡活動的後勤工作有關。另一封郵件似乎在討論美國官員的約旦之旅。

路透社聯繫了所有能確認身份的個人去尋求評論；有些人證實了自己的身份，但大多數人沒有回應, 或將問題轉交給各自的機構。

路透社無法確定各機構如何使用 TeleMessage。該服務採用流行應用程式的版本，並允許根據政府規定去存檔其資訊。自 5 月 5 日「出於謹慎考慮」該服務離線了, 並一直處於暫停狀態。 TeleMessage 的所有者、位於俄勒岡州波特蘭的數位通訊公司 Smarsh 尚未回應洩漏資料的評論請求。

白宮在一份聲明中表示， “已知悉 Smarsh 的網路安全事件”，但未對該平台的使用發表評論。美國國務院沒有回覆訊息。特勤局表示，一小部分特勤局員工使用了 TeleMessage 產品，特勤局正在審視這種情況。聯邦緊急事務管理局 (FEMA) 在一封電子郵件中表示，「沒有證據」表明其資訊遭到洩露。它在收到 FEMA 內部消息副本時沒有回應。美國海關及邊境保護局(CBP)發言人重申了先前的聲明，指出已禁用 TeleMessage 並正在調查違規行為。

 元數據風險

聯邦合約數據顯示，國務院和國土安全部近年來與 TeleMessage 簽訂了合同，疾病管制中心也是如此。美國疾病管制與預防中心發言人週一在一封電子郵件中告訴路透社，該機構於 2024 年試用了該軟體，以評估其在記錄管理方面的潛力，「但發現它並不符合我們的需求」。其他合約的情況尚不清楚。在這次駭客攻擊發生一周後，美國網路防禦機構 CISA 建議用戶 “停止使用該產品”，除非 Smarsh 提供關於如何使用該應用程式的任何緩解說明。

前國家安全局網路專家 Jake Williams 表示，即使截獲的簡訊是無害的，但大量的元資料 - 洩露出對話和聊天群組的人物和時間 - 也構成了反間諜風險。

現任網路安全公司 Hunter Strategy 研發副總裁的 Williams 表示: 「即使你沒有內容，這也是一種頂級情報存取」。

Waltz 之前使用 Signal 時曾引起公眾軒然大波，當時他和其他特朗普內閣官員正在實時討論對也門的空襲時，不小心將一位著名記者添加到了 Signal 聊天中。此後不久，Waltz 被解職，但並未離開政府：特朗普表示，他提名Waltz 擔任下一任美國駐聯合國大使。

關於 Waltz 使用 TeleMessage 的情況尚未公開披露，他和白宮都沒有回應有關此事的問題。

So, a hacker who breached the communications service used by Mike Waltz earlier this month had intercepted messages from a larger number of American officials than had previously been reported, and potentially raising the stakes of a breach that had already drawn questions about data security in the Trump administration. Hackers are everywhere. Apparently, even if the intercepted text messages are innocuous, with a large among of  leaked metadata, information merely just about who and when of the conversations or who are in the chat groups can pose a counterintelligence risk.