As top Trump aides sent texts on Signal, flight data show a member of the group chat was in Russia
President Trump's Ukraine and Middle East envoy Steve Witkoff was in Moscow, where he met with Russian President Vladimir Putin, when he was included in a group chat with more than a dozen other top administration officials — and inadvertently, one journalist — on the messaging app Signal, a CBS News analysis of open-source flight information and Russian media reporting has revealed.
Witkoff arrived in Moscow shortly after noon local time on March 13, according to data from the flight tracking website FlightRadar24, and Russian state media broadcast video of his motorcade leaving Vnukovo International Airport shortly after. About 12 hours later, he was added to the "Houthi PC small group" chat on Signal, along with other top Trump administration officials, to discuss an imminent military operation against the Houthis in Yemen, according to The Atlantic magazine editor Jeffrey Goldberg, who was included on the chat for reasons that remain unclear.
Goldberg has not recounted Witkoff making any comments in the group chat until Saturday, after he left Russia and returned to the U.S., with a stop on Friday in Baku, Azerbaijan. Sources told CBS News on Wednesday that no device the senior envoy brought with him to Russia had Signal on it.
Speaking Wednesday during a briefing at the White House, press secretary Karoline Leavitt said Witkoff did not have his personal device or his government-issued phone with him in Moscow. She said he was given access to a "classified protected server by the United States government, and he was very careful about his communications when he was in Russia."
Russia has repeatedly tried to compromise Signal, a popular commercial messaging platform that many were shocked to learn senior Trump administration officials had used to discuss sensitive military planning.
It is unclear whether a phone issued to Witkoff by the U.S. government or a personal device was included in the Signal chat, but U.S. officials have been discouraged from using the messaging app on government devices, including by the Department of Defense.
Witkoff, in his own social media post Wednesday, said he "had no access to my personal devices until I returned from my trip."
"I only had with me a secure phone provided by the government for special circumstances when you travel to regions where you do not want your devices compromised," Witkoff said.
The White House has not answered CBS News' question about whether Witkoff's government-issued phone had on it the Signal account in question. During a congressional hearing Wednesday, Director of National Intelligence Tulsi Gabbard said "the Signal message app comes pre-installed on government devices."
On Tuesday, Leavitt criticized The Atlantic report, saying no "war plans" were discussed, and, without naming Signal, adding that the White House Counsel's Office had "provided guidance on a number of different platforms for President Trump's top officials to communicate as safely and efficiently as possible."
Two members of the group chat, Gabbard and CIA Director John Ratcliffe, appeared before the Senate Intelligence Committee for the pre-planned hearing on worldwide security threats that continued on Wednesday. Ratcliffe acknowledged Tuesday during the hearing that he was part of the chat.
U.S. lawmakers, both Democrats and Republicans, have questioned the use of the commercial communications platform for the conversation, which Goldberg revealed Monday in his own report for The Atlantic.
During the group discussion on Signal, Goldberg reported, Ratcliffe named an active CIA intelligence officer in the chat at 5:24 p.m. eastern time, which was just after midnight in Russia. Witkoff's flight did not leave Moscow until around 2 a.m. local time, and Sergei Markov, a former Putin advisor who is still close to the Russian president, said in a Telegram post that Witkoff and Putin were meeting in the Kremlin until 1:30 a.m.
Neither the Kremlin nor the White House have confirmed the timing of Witkoff's meeting with Putin.
Signal has a good reputation for security in part because it is built on open-source code and can therefore be inspected for vulnerabilities, Neil Ashdown, a consultant working on cybersecurity, told CBS News.
Ashdown said, however, that considering whether the platform is secure, "is to miss the crux of the problem, which is to question whether the use of that application in that environment to convey that level of information was in line with policies and processes, and if it wasn't, then that becomes an issue."
The Signal app offers end-to-end encryption, meaning messages sent on the platform cannot be read by anyone but the senders and receivers. That encryption is not impenetrable, however.
The Google Threat Intelligence Group warned just last month of "increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services."
Ukraine's top cyber defense agency warned just last week about targeted attacks prompting compromised Signal accounts to send malware to employees of defense industry firms and members of Ukraine's armed forces. The bulletin issued by Ukraine's Computer Emergency Response Team (CERT-UA) on March 18 indicates that attacks started this month, with Signal messages containing links to archived messages, masquerading as meeting reports. According to the memo, some of the messages were sent from existing contacts, increasing the likelihood of the phishing links being opened.
Some methods of hijacking smartphones don't even require direct access to the device, Jake Moore, a global cybersecurity advisor at the software and cybersecurity firm ESET, told CBS News.
One of the most well-known cyber threats to emerge in the last decade has been Pegasus, spyware developed by the Israeli firm NSO Group and purportedly used to target journalists and activists. Pegasus was designed to be remotely installed on mobile devices and can then take control of the camera, messaging apps, microphones, or even the screen itself without the user even knowing it has been installed, Moore explained.
While secure government communications channels exist for sensitive communications, Moore said in practice, the method chosen for such communication, "often comes down to the balance of convenience versus security."
While the risk is minimal to members of the public, he said "the more secure those conversations are, or the sensitivity of them is greater, you have to increase the inconvenience, because the security has to be paramount."
