Steve Witkoff, President Trump’s envoy for Ukraine and the Middle East, was in Moscow meeting with Russian President Vladimir Putin when he was added to a group chat featuring over a dozen top administration officials—and inadvertently, one journalist—on the messaging app Signal, as revealed by a CBS News analysis of open-source flight data and Russian media sources.
Russia has consistently attempted to exploit Signal, a widely used commercial messaging platform that many found surprising to know was utilized by senior Trump administration officials for discussions about sensitive military operations.
Witkoff landed in Moscow just after noon local time on March 13, according to information from the flight tracking site FlightRadar24. Russian state media aired footage of his motorcade departing from Vnukovo International Airport shortly thereafter. Approximately 12 hours later, he was incorporated into the “Houthi PC small group” chat on Signal alongside other senior Trump administration figures to deliberate on an urgent military operation against the Houthis in Yemen, according to The Atlantic’s editor Jeffrey Goldberg, who was included in the chat under unclear circumstances.
U.S. lawmakers from both parties have raised concerns about using a commercial communications platform for such discussions, a detail Goldberg disclosed on Monday in his report for The Atlantic.
The National Security Council confirmed to CBS News on Monday that the group chat “appears to be authentic.”
Goldberg has noted that Witkoff didn’t contribute to the group chat until Saturday, after his return to the U.S., following a stop in Baku, Azerbaijan, on Friday. It’s unclear whether a device issued to Witkoff by the U.S. government or his personal phone was part of the Signal chat, or if he had the device with him in Russia, especially since U.S. officials have been advised against utilizing the app on government-issued devices, according to the Department of Defense.
White House Press Secretary Karoline Leavitt criticized The Atlantic report on Tuesday, stating on X that no “war plans” were discussed and, without mentioning Signal specifically, indicated that the White House Counsel’s Office had “provided guidance on various platforms for President Trump’s senior officials to communicate as securely and effectively as possible.”
Two participants from the group chat, Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe, recently addressed the Senate Intelligence Committee for a pre-planned hearing on global security threats. Ratcliffe confirmed on Tuesday that he was part of the chat.
During the Signal discussion, Goldberg reported that Ratcliffe named an active CIA intelligence officer at 5:24 p.m. Eastern time, shortly after midnight in Russia. Witkoff’s flight did not depart Moscow until around 2 a.m. local time, with Sergei Markov, a former advisor to Putin, claiming on Telegram that Witkoff and Putin were in a meeting in the Kremlin until 1:30 a.m.
Neither the Kremlin nor the White House have verified the timing of Witkoff’s meeting with Putin. The White House did not respond immediately to CBS News’ inquiries regarding the meeting or whether Witkoff had his device with him at the Kremlin.
Signal is regarded as secure partly due to its open-source code, allowing vulnerabilities to be scrutinized, Neil Ashdown, a cybersecurity consultant, told CBS News. However, Ashdown cautioned that focusing solely on the platform’s security overlooks the essential question of whether using this application in such a setting to convey sensitive information adhered to established policies and procedures; if it didn’t, then that raises concerns.
The Signal app utilizes end-to-end encryption, ensuring that messages sent through the platform are accessible only to the senders and receivers. Nevertheless, this encryption isn’t foolproof; the Google Threat Intelligence Group warned just last month of “increasing attempts from several state-aligned Russian threat actors to compromise Signal Messenger accounts of individuals pertinent to Russia’s intelligence services.”
Ukraine’s leading cyber defense agency issued a warning last week about targeted attacks that resulted in compromised Signal accounts sending malware to defense industry employees and members of Ukraine’s armed forces. A bulletin from Ukraine’s Computer Emergency Response Team (CERT-UA) on March 18 stated that these attacks commenced this month, with Signal messages containing links to archived messages disguised as meeting reports. Some messages were purportedly sent from existing contacts, heightening the chances of users clicking on the phishing links.
Some techniques for hijacking smartphones don’t even necessitate direct access to the device, Jake Moore, a global cybersecurity advisor at ESET, told CBS News.
One of the most notorious cybersecurity threats of recent years is Pegasus, spyware developed by the Israeli company NSO Group, which has been allegedly used to target journalists and activists. Pegasus can be remotely installed on mobile devices and can take control of the camera, messaging apps, microphones, or even the screen without the user ever being aware of its installation, Moore explained.
Although secure communication channels for sensitive matters exist, Moore stated that, in practice, the chosen communication method often balances convenience against security. While the risk to the public is minimal, he noted that “the more secure those conversations are, or the greater their sensitivity, the more inconvenience you may need to accept, as security must be the priority.”
