President Trump’s Ukraine and Middle East envoy Steve Witkoff was in Moscow, where he met with Russian President Vladimir Putin, when he was included in a group chat with more than a dozen other top administration officials — and inadvertently, one journalist — on the messaging app Signal, a CBS News analysis of open-source flight information and Russian media reporting has revealed.
Russia has repeatedly tried to compromise Signal, a popular commercial messaging platform that many were shocked to learn senior Trump administration officials had used to discuss sensitive military planning.
Witkoff arrived in Moscow shortly after noon local time on March 13, according to data from the flight tracking website FlightRadar24, and Russian state media broadcast video of his motorcade leaving Vnukovo International Airport shortly after. About 12 hours later, he was added to the “Houthi PC small group” chat on Signal, along with other top Trump administration officials, to discuss an imminent military operation against the Houthis in Yemen, according to The Atlantic magazine editor Jeffrey Goldberg, who was included on the chat for reasons that remain unclear.
U.S. lawmakers, both Democrats and Republicans, have questioned the use of the commercial communications platform for the conversation, which Goldberg revealed Monday in his own report for The Atlantic.
The National Security Council told CBS News on Monday that the group chat “appears to be authentic.”
Goldberg has not recounted Witkoff making any comments in the group chat until Saturday, after he left Russia and returned to the U.S., with a stop on Friday in Baku, Azerbaijan. It is unclear whether a phone issued to Witkoff by the U.S. government or a personal device was included in the Signal chat, or whether he had the device with him in Russia, but U.S. officials have been discouraged from using the messaging app on government devices, including by the Department of Defense.
White House Press Secretary Karoline Leavitt criticized The Atlantic report on Tuesday, saying on X that no “war plans” were discussed, and, without naming Signal, adding that the White House Counsel’s Office had “provided guidance on a number of different platforms for President Trump’s top officials to communicate as safely and efficiently as possible.”
Two members of the group chat, Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe, appeared before the Senate Intelligence Committee on Tuesday for a pre-planned hearing on worldwide security threats. Ratcliffe acknowledged on Tuesday that he was part of the chat.
During the group discussion on Signal, Goldberg reported, Ratcliffe named an active CIA intelligence officer in the chat at 5:24 p.m. eastern time, which was just after midnight in Russia. Witkoff’s flight did not leave Moscow until around 2 a.m. local time, and Sergei Markov, a former Putin advisor who is still close to the Russian president, said in a Telegram post that Witkoff and Putin were meeting in the Kremlin until 1:30 a.m.
Neither the Kremlin nor the White House have confirmed the timing of Witkoff’s meeting with Putin. The White House did not immediately reply to CBS News’ questions about the meeting or whether Witkoff had his device at the Kremlin.
Evelyn Hockstein/AP
Signal has a good reputation for security in part because it is built on open-source code and can therefore be inspected for vulnerabilities, Neil Ashdown, a consultant working on cybersecurity, told CBS News.
Ashdown said, however, that considering whether the platform is secure, “is to miss the crux of the problem, which is to question whether the use of that application in that environment to convey that level of information was in line with policies and processes, and if it wasn’t, then that becomes an issue.”
The Signal app offers end-to-end encryption, meaning messages sent on the platform cannot be read by anyone but the senders and receivers. That encryption is not impenetrable, however, and the Google Threat Intelligence Group warned just last month of “increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services.”
Ukraine’s top cyber defense agency warned just last week about targeted attacks prompting compromised Signal accounts to send malware to employees of defense industry firms and members of Ukraine’s armed forces. The bulletin issued by Ukraine’s Computer Emergency Response Team (CERT-UA) on March 18 indicates that attacks started this month, with Signal messages containing links to archived messages, masquerading as meeting reports. According to the memo, some of the messages were sent from existing contacts, increasing the likelihood of the phishing links being opened.
Some methods of hijacking smartphones don’t even even require direct access to the device, Jake Moore, a global cybersecurity advisor at the software and cybersecurity firm ESET, told CBS News.
One of the most well-known cyber threats to emerge in the last decade has been Pegasus, spyware developed by the Israeli firm NSO Group and purportedly used to target journalists and activists. Pegasus was designed to be remotely installed on mobile devices and can then take control of the camera, messaging apps, microphones, or even the screen itself without the user even knowing it has been installed, Moore explained.
While secure government communications channels exist for sensitive communications, Moore said in practice, the method chosen for such communication, “often comes down to the balance of convenience versus security.”
While the risk is minimal to members of the public, he said “the more secure those conversations are, or the sensitivity of them is greater, you have to increase the inconvenience, because the security has to be paramount.”
Nicole Sganga
contributed to this report.
