The Israeli company behind the modified Signal app used by the Trump administration has been hacked.

TeleMessage’s backend panel was accessed using credentials found in intercepted data. The hacker exposed archived messages and contact info for U.S. officials.

The hack reveals that archived chat logs are not end-to-end encrypted between the modified messaging app and the final archive destination controlled by the TeleMessage customer.

Commenting on the Israeli modification of Signal adopted by the US government, signalapp told 404media that “We cannot guarantee the privacy or security properties of unofficial versions of Signal.”

https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

>>22996152

https://x.com/wikileaks/status/1919359727030374651

—

The Signal Clone the Trump Admin Uses Was Hacked

A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.

The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.

Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media.

💡

Do you know anything else about TeleMessage? I would love to hear from you. Using a non-work device, you can message me securely on Signal at signalaccount.05 or send me an email at joseph@404media.co.

The breach is hugely significant not just for those individual customers, but also for the U.S. government more widely. On Thursday, 404 Media was first to report that at the time U.S. National Security Advisor Waltz accidentally revealed he was using TeleMessage’s modified version of Signal during the cabinet meeting. The use of that tool raised questions about what classification of information was being discussed across the app and how that data was being secured, and came after revelations top U.S. officials were using Signal to discuss active combat operations.

The hacker did not access all messages stored or collected by TeleMessage, but could have likely accessed more data if they decided to, underscoring the extreme risk posed by taking ordinarily secure end-to-end encrypted messaging apps such as Signal and adding an extra archiving feature to them.

“I would say the whole process took about 15-20 minutes,” the hacker said, describing how they broke into TeleMessage’s systems. “It wasn’t much effort at all.” 404 Media does not know the identity of the hacker, but has verified aspects of the material they have anonymously provided.

>>22996166

A SCREENSHOT PROVIDED BY THE HACKER. REDACTIONS BY 404 MEDIA.

The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers. The data is not representative of all of TeleMessage’s customers or the sorts of messages it covers; instead, it is snapshots of data passing through TeleMessage’s servers at a point in time. The hacker was able to login to the TeleMessage backend panel using the usernames and passwords found in these snapshots.

A message sent to a group chat called “Upstanding Citizens Brigade” included in the hacked data says its “source type” is “Signal,” indicating it came from TeleMessage’s modified version of the messaging app. The message itself was a link to this tweet posted on Sunday which is a clip of an NBC Meet the Press interview with President Trump about his memecoin. The hacked data includes phone numbers that were part of the group chat.

One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”

Cover for The 404 Media Podcast

Play

The 404 Media Podcast

Meta's AI Chatbots Are a Disaster

00:00:00

Forward 15 secondsBack 15 seconds

SHARESUBSCRIBEDESCRIPTIONMegaphone wordmark

IN THIS PLAYLIST

1 EPISODES

This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.

One screenshot of the hacker’s access to a TeleMessage panel lists the names, phone numbers, and email addresses of CBP officials. The screenshot says “select 0 of 747,” indicating that there may be that many CBP officials included in the data. A similar screenshot shows the contact information of current and former Coinbase employees.

Another screenshot obtained by 404 Media mentions Scotiabank. Financial institutions might turn to a tool like TeleMessage to comply with regulations around keeping copies of business communications. Governments have legal requirements to preserve messages in a similar way.

>>22996170

Another screenshot indicates that the Intelligence Branch of the Washington D.C. Metropolitan Police may be using the tool.

A SCREENSHOT PROVIDED BY THE HACKER. REDACTIONS BY 404 MEDIA.

The hacker was able to access data that the app captured intermittently for debugging purposes, and would not have been able to capture every single message or piece of data that passes through TeleMessage’s service. However, the sample data they captured did contain fragments of live, unencrypted data passing through TeleMessage’s production server on their way to getting archived.

404 Media verified the hacked data in various ways. First, 404 Media phoned some of the numbers listed as belonging to CBP officials. In one case, a person who answered said their name was the same as the one included in the hacked data, then confirmed their affiliation with CBP when asked. The voicemail message for another number included the name of an alleged CBP official included in the data.

404 Media ran several phone numbers that appeared to be associated with employees at crypto firms Coinbase and Galaxy through a search tool called OSINT Industries, which confirmed that these phone numbers belonged to people who worked for these companies.

The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia. By reviewing the source code of TeleMessage’s modified Signal app for Android, 404 Media confirmed that the app sends message data to this endpoint. 404 Media also made an HTTP request to this server to confirm that it is online.

TeleMessage came to the fore after a Reuters photographer took a photo in which Waltz was using his mobile phone. Zooming in on that photo revealed he was using a modified version of Signal made by TeleMessage. The photograph came around a month after The Atlantic reported that top U.S. officials were using Signal to message one another about military operations. As part of that, Waltz accidentally added the editor-in-chief of the publication to the Signal group chat.

TeleMessage offers governments and companies a way to archive messages from end-to-end encrypted messaging apps such as Signal and WhatsApp. TeleMessage does this by making modified versions of those apps that send copies of messages to a remote server. A video from TeleMessage posted to YouTube claims that its app keeps “intact the Signal security and end-to-end encryption when communicating with other Signal users.”

“The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” the video continues.

It is not true that an archiving solution properly preserves the security offered by an end-to-end encrypted messaging app such as Signal. Ordinarily, only someone sending a Signal message and their intended recipient will be able to read the contents of the message. TeleMessage essentially adds a third party to that conversation by sending copies of those messages somewhere else for storage. If not stored securely, those copies could in turn be susceptible to monitoring or falling into the wrong hands.

>>22996176

That theoretical risk has now become very real.

A Signal spokesperson previously told 404 Media in email “We cannot guarantee the privacy or security properties of unofficial versions of Signal.”

White House deputy press secretary Anna Kelly previously told NBC News in an email: “As we have said many times, Signal is an approved app for government use and is loaded on government phones.”

The hacker told 404 Media that they targeted TeleMessage because they were “just curious how secure it was.” They did not want to disclose the issue to the company directly because they believed the company might “try their best to cover it up.”

“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said.

404 Media is not explaining in detail how the hacker managed to obtain this data in case others may try to exploit the same vulnerability.

According to public procurement records, TeleMessage has contracts with a range of U.S. government agencies, including the State Department and Centers for Disease Control and Prevention.

Guy Levit, CEO of TeleMessage, directed a request for comment to a press representative of Smarsh, TeleMessage’s parent company. That representative did not immediately respond to an email or voicemail.

Recently, after the wave of media coverage about Waltz’s use of the tool, TeleMessage wiped its website. Before then it contained details on the services it offers, what its apps were capable of, and in some cases direct downloads for the archiving apps themselves.

A Coinbase spokesperson told 404 Media in an email “We are aware of reports that a third party communications tool widely used across the tech, banking, and other industries for archival and trade surveillance purposes has been breached. We are closely following these reports and assessing their impact on Coinbase. At this time, there is no evidence any sensitive Coinbase customer information was accessed or that any customer accounts are at risk, since Coinbase does not use this tool to share passwords, seed phrases, or other data needed to access accounts.”

Neither CBP, Scotiabank, Galaxy Digital, nor Washington D.C. Metropolitan Police responded to a request for comment.

https://archive.ph/E7XFt

>>22996177

https://m3.gab.com/media_attachments/80/29/ff/8029ffbdc59284d0c456fa5a9e8f00e2.png?width=568

The Terrifying Way Scammers Clone Your Voice to Defraud Your Family

Artificial intelligence has added a new layer of subterfuge to spoofing, extending its reach and worsening its effect on victims.

https://www.theepochtimes.com/article/the-terrifying-way-scammers-clone-your-voice-to-defraud-your-family-5849310?utm_source=gab&utm_medium=Social&utm_campaign=etgab

Denmark Introduces World-First Deepfake Ban, Raising Alarms Over Free Speech

https://reclaimthenet.org/denmark-proposes-deepfake-ban

CDM CLIPS: Brandon Weichert - Trump's Going To Lose A Carrier

https://armedforces.press/cdm-clips-brandon-weichert-trumps-going-to-lose-a-carrier/

OpenAI Drops For-Profit Plans in Major Victory for Elon Musk https://www.thegatewaypundit.com/2025/05/openai-drops-profit-plans-major-victory-elon-musk/

Hegseth directs 20% cut to top military leadership positions

https://www.militarytimes.com/breaking-news/2025/05/05/hegseth-directs-20-cut-to-top-military-leadership-positions/?utm_source=sailthru&utm_medium=email&utm_campaign=air-dnr

Controversial military personnel nominee faces Senate panel this week

https://www.militarytimes.com/news/pentagon-congress/2025/05/05/controversial-military-personnel-nominee-faces-senate-panel-this-week/?utm_source=sailthru&utm_medium=email&utm_campaign=air-dnr

Trump requests $892.6 billion base defense budget, a real-terms cut

https://www.defensenews.com/congress/2025/05/02/trump-requests-8926-billion-base-defense-budget-a-real-terms-cut/?utm_source=sailthru&utm_medium=email&utm_campaign=air-dnr

VA shifts survivors assistance office in effort to speed up benefits

https://www.militarytimes.com/veterans/2025/05/05/va-shifts-survivors-assistance-office-in-effort-to-speed-up-benefits/?utm_source=sailthru&utm_medium=email&utm_campaign=air-dnr

Defense Department designates second military zone on southern border

https://www.militarytimes.com/news/pentagon-congress/2025/05/02/defense-department-designates-second-military-zone-on-southern-border/?utm_source=sailthru&utm_medium=email&utm_campaign=air-dnr

Russian glide bombs pound Kiev’s troops (VIDEOS) — RT Russia & Former Soviet Union

https://www.rt.com/russia/616798-glide-bombs-kherson-kharkov/?utm_source=Newsletter&utm_medium=Email&utm_campaign=Email

Western Memory of WWII is basically fan fiction — RT World News

https://www.rt.com/news/616817-western-memory-of-wwii/?utm_source=Newsletter&utm_medium=Email&utm_campaign=Email

NEW: FAA Releases Urgent Statement After United Grounds Flights Amid Alarming Newark Airport Radar Outage https://www.thegatewaypundit.com/2025/05/new-faa-releases-urgent-statement-after-united-grounds/

When Republicans Fought Abuse of Power

https://foreignpolicy.com/2025/05/05/republicans-mccarthyism-senate-censure-abuse-power/

Reuters wins Pulitzer for China's Fentanyl GENOCIDE of America investigation | Reuters

https://www.reuters.com/world/china/reuters-wins-pulitzer-investigation-fentanyl-trade-2025-05-05/

BREAKING VIDEO - MASSIVE fire burning after Israeli air strikes in retaliation for Houthi attack https://therightscoop.com/breaking-video-massive-fire-burning-after-israeli-air-strikes-in-retaliation-for-houthi-attack/

Julie Kelly 🇺🇸

@Julie_kelly2

NEW: Sens Grassley and Johnson widen their inquiry into the lawfare against Pres Trump.

Both have asked NARA—a key dirty player in classified documents case—for comms btw Biden WH, DOJ, and NARA related to 2 criminal investigations into Trump under Biden regime.

>>22996541

DHS Announces Historic Travel Assistance and Stipend for Voluntary Self-Deportation

Release Date: May 5, 2025

https://www.dhs.gov/news/2025/05/05/dhs-announces-historic-travel-assistance-and-stipend-voluntary-self-deportation

The Enemy Within

Cartels, crime rings and U.S. cannabis.

Todd Harrison

May 05, 2025

∙ Paid

https://toddharrison.substack.com/p/the-enemy-within?publication_id=99621&post_id=162691779&isFreemail=true&r=x2iu&triedRedirect=true

Civilization Jihad Is Here: How the Muslim Brotherhood Is Winning Without Firing a Shot:

Undercover Investigator Exposé (Video) https://rairfoundation.com/civilization-jihad-is-here-how-muslim-brotherhood-is/

https://x.com/paulsperry_/status/1919537187726487749

Another Hoax Goes Up in Smoke: MSNBC Forced to Issue Retraction Live On-Air After Guest Floats Bogus Claim About Kash Patel (VIDEO) https://www.thegatewaypundit.com/2025/05/another-hoax-goes-up-smoke-msnbc-forced-issue/

https://m3.gab.com/media_attachments/ab/76/16/ab761638b32b0e60e91ad1b8992580a9.png?width=568