WASHINGTON (AP) — Defense Secretary Pete Hegseth had an internet connection that bypassed the Pentagon’s security protocols set up in his office to use the Signal messaging app on a personal computer, two people familiar with the line told The Associated Press.
The existence of the unsecured internet connection is the latest revelation about Hegseth’s use of the unclassified app and raises the possibility that sensitive defense information could have been put at risk of potential hacking or surveillance.
Known as a “dirty” internet line by the IT industry, it connects directly to the public internet where the user’s information and the websites accessed do not have the same security filters or protocols that the Pentagon’s secured connections maintain.
Other Pentagon offices have used them, particularly if there’s a need to monitor information or websites that would otherwise be blocked.
But the biggest advantage of using such a line is that the user would not show up as one of the many IP addresses assigned to the Defense Department — essentially the user is masked, according to a senior U.S. official familiar with military network security.
But it also can expose users to hacking and surveillance. A “dirty” line — just like any public internet connection — also may lack the recordkeeping compliance required by federal law, the official said.
All three spoke on condition of anonymity to discuss a sensitive matter.
A ‘dirty’ internet line to use Signal
The two people familiar with the line said Hegseth had it set up in his office to use the Signal app, which has become a flashpoint following revelations that he posted sensitive details about a military airstrike in two chats that each had more than a dozen people. One of the chats included his wife and brother, while the other included President Donald Trump’s top national security officials.
Asked about Hegseth’s use of Signal in his office, which was first reported by The Washington Post, chief Pentagon spokesman Sean Parnell said the defense secretary’s “use of communications systems and channels is classified.”
“However, we can confirm that the Secretary has never used and does not currently use Signal on his government computer,” Parnell said in a statement.
It’s the latest revelation to shake the Pentagon. Besides facing questions from both Democrats and Republicans about his handling of sensitive information, Hegseth has dismissed or transferred multiple close advisers, tightly narrowing his inner circle and adding to the turmoil following the firings of several senior military officers in recent months.
Trump and other administration officials have given Hegseth their full support. They have blamed employees they say were disgruntled for leaking information to journalists, with Trump saying this week: “It’s just fake news. They just bring up stories.”
“I have 100% confidence in the secretary,” Vice President JD Vance told reporters Wednesday about Hegseth. ”I know the president does and, really, the entire team does.”
Secure ways to communicate at the Pentagon
The Pentagon has a variety of secure ways that enable Hegseth and other military leaders to communicate:
— The Non-classified Internet Protocol Router Network can handle the lowest levels of sensitive information. It allows some access to the internet but is firewalled and has levels of cybersecurity that a “dirty” line does not. It cannot handle information labeled as secret.
— The Secure Internet Protocol Router Network is used for secret-level classified information.
— The Joint Worldwide Intelligence Communications System is for top-secret and secret compartmentalized information, which is some of the highest levels of secrecy, also known as TS/SCI.
Hegseth initially was going to the back area of his office where he could access Wi-Fi to use his devices, one of the people familiar said, and then he requested a line at his desk where he could use his own computer.
That meant at times there were three computers around his desk — a personal computer; another for classified information; and a third for sensitive defense information, both people said.
Because electronic devices are vulnerable to spying, no one is supposed to have them inside the defense secretary’s office. Important offices at the Pentagon have a cabinet or drawer where staff or visitors are required to leave devices.
Fallout over Signal
Signal is a commercially available app that is not authorized to be used for sensitive or classified information. It’s encrypted, but can be hacked.
While Signal offers more protections than standard text messaging, it’s no guarantee of security. Officials also must ensure their hardware and connections are secure, said Theresa Payton, White House chief information officer under President George W. Bush and now CEO of Fortalice Solutions, a cybersecurity firm.
The communications of senior government officials are of keen interest to adversaries like Russia or China, Payton said.
The National Security Agency issued a warning earlier this year about concerns that foreign hackers could try to target government officials using Signal. Google also advised caution about Russia-aligned hackers targeting Signal users.
Hegseth’s Signal use is under investigation by the Defense Department’s acting inspector general at the request of the bipartisan leadership of the Senate Armed Services Committee.
Hegseth pulled the information about the strike on Yemen’s Houthi militants last month from a secure communications channel used by U.S. Central Command. He has vehemently denied he posted “war plans” or classified information.
But the information Hegseth did post in chats — exact launch times and bomb drop times — would have been classified and could have put service members at risk, multiple current and former military and defense officials have said. The airstrike information was sent before the pilots had launched or safely returned from their mission.
___
AP reporter David Klepper in Washington contributed to this report.