Defense Secretary Pete Hegseth’s personal phone number is the one used in recent signal chats, which in recent March has been easily accessible on the internet and public applications, which could make the national security secrets reveal to foreign opponents.
Phone numbers can be found in many places, including WhatsApp, Facebook and Fantasy Sports websites. The Secretary of Defense used a signal commercial message application to disclose the same figures of flight data from the U.S. strike against the Huti militia in Yemen.
Cybersecurity analysts say the U.S. Secretary of Defense’s communications equipment is often one of the most protected national security assets.
“The zero percent chance of not trying to install other spyware on your phone,” Mike Casey, a former director of the National Center for Counterintelligence and Security, said in an interview. “He is one of the top five of the most targeted populations in the world.”
“You just don’t want the Secretary of Defense’s phone number there and to use it to anyone,” added Emily Harding, a defense and security expert at the Center for Strategic and International Studies.
Pentagon chief spokesman Sean Parnell did not respond to a request for comment.
Last month, when the Atlantic editor wrote an article, Mr. Heggs used signals to convey details of Yemen’s military strike that apparently happened to join encrypted chats between senior U.S. government officials. The New York Times reported this week that Mr. Heggs provided sensitive information about the strike in the signal group chat he established, including his wife and brother.
The first signal chat about Yemen was released shortly after the German news publication was released in March, German news publication Der Spiegel found the phone numbers of Mr. Heggss and other senior Trump officials on the internet.
It is no surprise that Mr. Hegses’ private cell phone number can be easily obtained through a commercial contact provider, security experts say. After all, Mr. Heggs was a private citizen until then-President-elect Donald J. Trump announced that he wanted the former National Guard and Fox News Weekend Host to run the Pentagon, a $849 million business with nearly 3 million employees.
Several defense and security officials said in an interview that it is now routine for government officials to keep their personal cell phones when they enter the office. But they should not use them for formal business like Mr. Heggs did.
Current and former government officials say even lower-level government workers have been instructed not to use their personal cell phones and laptops for work-related matters, and they have anonymously discussed sensitive information.
For national security officials, the directive is even more important.
Mr. Hegseth has a significant social media profile, WhatsApp profile and Facebook page, which he still has.
On August 15, 2024, he joined the fantasy football and sports betting website Sleeper.com using his personal phone number, using the username “Petehegseth”. Less than two weeks later, phone numbers related to his wife Jennifer were also added to the site. She was included in one of two signal chats about the strike.
Mr. Hegseth also left other digital breadcrumbs and used his phone to register Airbnb and Microsoft Teams, a video and communications program.
Mr. Heggs’ phone number is also linked to an email address that in turn is linked to the Google Maps configuration file. Mr. Heggs’ comments on Google Maps include recognition of dentists (“The staff is great”), plumbers (“Fast, honest and high-quality work”), mural painters (“Taked 2 beautiful flags for us – 2 beautiful flags for us”) and other businesses. (Google Maps Street View blurs Mr. Hegseth’s ex.)
“If you only use your phone for normal daily activities, you’ll leave a high, highly visible digital pathway that even a medium-mature person, let alone evil actors can follow.”
Government phones, by contrast, are safer because they are equipped with strict government controls designed to protect official communications.
Security experts say that in discussing the exact time when American fighter pilots will strike in Yemen and other sensitive incidents, Mr. Heggs opened himself to foreign opponents – possibly pilots – that they have proven they were able to violate their narrative of American officials, which is not blocked.
“The phone number is like a street address telling you what house you are breaking into,” said James A. Lewis, a cybersecurity expert. “Once you get the street address, you can get to the house, there may be a lock on the door, and then ask yourself, ‘Do I have a tool to bypass or break the lock?'”
Several cybersecurity experts say China and Russia do the same, and Iran may do it, too.
Last year, a series of revelations showed how a mature Chinese intelligence group called Salt Typhoon penetrated into at least nine U.S. telecom companies. Among the targets are Mr. Trump, Vice President JD Vance and the commercial, unencrypted telephone lines used by the top national security officials, investigators said.
Mr. Gestel said he did not know whether Mr. Heggs’ phone number or whether he was attacked. However, individual phones are often more vulnerable to injury than government-issued phones.
“It’s possible that for someone’s numbers, assuming you click on some malicious numbers, it’s possible to get someone to take over the phone in a secret way,” Mr. Gustel said. “When a really mature bad guy, like Russia or China, gets involved, you can infect the phone even if you don’t click anything.”
Cybersecurity experts say that over the past decade, more than 75 countries have acquired commercial spyware. The most complex spyware tools, such as Pegasus, have a “zero-click” technology, which means they can sneakily extract everything from the target’s phone without the user clicking a malicious link to access remotely for Pegasus. They can turn their phones into tracking and secret recording devices, allowing them to monitor their owners.
Signal is an encrypted application whose commercial messaging services are considered very good for security. However, malware that has a key logger or keystroke capture code installed on your phone will allow hackers or country status to read what someone typed on the phone, even in an encrypted app.
Cybersecurity experts say that if Mr. Heggs uses signals to discuss Yemen strike plans, spyware on his phone may see what he is typing or reading before hitting “send” because the signal is encrypted at the moment of sending and receiving.
A familiar with the signal conversation said Mr. Heggs’ assistant warned him for a day or two before the March 15 strike, without discussing such sensitive operational details in his group chat. Although the chat is encrypted, it is not as secure as the government channels.
It is not clear how Mr. Heggs responded to these warnings.
Mr. Heggs also set up signals on a computer in the Pentagon office so that he can send and receive instant messages in a space where his personal cell phone is not allowed, according to two people familiar with the matter. One person who knows the matter said that his office has two computers, one for personal use and the other issued by the government.
“I promise Russia and China are all over the cell phone ministers,” said Don Bacon, a Republican representative in Nebraska.
Christiaan Triebert Reported from New York. Greg Jaffe Washington contributed reports and Sheelagh McNeill Contributed to the research.
