Defense Secretary Pete Hegseth’s personal phone number was publicly accessible online, raising concerns about national security. The number, revealed through platforms like WhatsApp and Facebook, was used in Signal chats to discuss sensitive military operations in Yemen. Cybersecurity experts warned that his phone could be targeted for espionage, with sophisticated spyware capable of breaching even encrypted apps. Hegseth’s use of personal devices for official communication, contrary to security protocols, increases risks to U.S. operations. Experts noted that foreign adversaries like China and Russia could exploit such vulnerabilities, emphasizing the importance of using secure government-issued devices.
Defense Secretary Pete Hegseth’s personal phone number, which was utilized in a recent Signal conversation, was readily available online and on public applications as of March, possibly compromising national security information to foreign threats.
The number was discoverable across various platforms, including WhatsApp, Facebook, and a fantasy sports website. It was the same number through which the defense secretary shared flight data regarding American assaults on the Houthi militia in Yemen, using the Signal messaging app.
Cybersecurity experts noted that a defense secretary’s communication device is typically one of the most safeguarded assets related to national security.
“There’s no doubt that someone has likely attempted to install Pegasus or various spyware on his phone,” stated Mike Casey, the former director of the National Counterintelligence and Security Center, during an interview. “He is likely in the top five most targeted individuals globally for espionage.”
Emily Harding, a defense and security analyst at the Center for Strategic and International Studies, remarked, “It’s critical that the secretary of defense’s phone number isn’t accessible to everyone.”
The Pentagon’s chief spokesperson, Sean Parnell, did not reply to requests for comments.
Mr. Hegseth’s use of Signal to share details on military strikes in Yemen was first highlighted last month when the editor of The Atlantic noted he had been inadvertently added to an encrypted chat among senior U.S. officials. The New York Times reported this week that Mr. Hegseth had shared sensitive strike information in a Signal group conversation he initiated, which included his wife and brother, among others.
Following the initial Signal chat regarding Yemen, Der Spiegel, a German news outlet, discovered the phone numbers of Mr. Hegseth and other senior officials from the Trump administration online.
Security experts indicated that Mr. Hegseth’s private mobile number being easily accessible via commercial contact information providers is not unexpected. Until Donald J. Trump, who was then president-elect, appointed him to lead the Pentagon, Mr. Hegseth was a private citizen, making the department a vast operation with nearly three million employees and $849 billion in funding.
Government officials frequently retain their personal cellphones upon entering office, as stated by several defense and security officials during interviews. However, they should refrain from using them for official duties, contrary to Mr. Hegseth’s actions.
Even junior government staff are instructed against utilizing personal mobile devices and laptops for work-related activities, according to current and former officials who spoke anonymously regarding sensitive topics.
This directive becomes even more critical for senior national security personnel, noted one former high-ranking Pentagon official.
Mr. Hegseth maintained a substantial social media presence, possessing a WhatsApp profile and a Facebook account that remain active.
On August 15, 2024, he registered on Sleeper.com, a fantasy football and sports betting site, using his personal phone number with the username “PeteHegseth.” Shortly after, a phone number linked to his wife, Jennifer, also joined the site, and she was part of one of the two Signal chats concerning the strikes.
Mr. Hegseth also left digital traces by using his phone to register for Airbnb and Microsoft Teams, a video communication application.
His number is additionally associated with an email address, which is linked to a Google Maps profile. Mr. Hegseth’s reviews on Google Maps include praises for a dentist (“The staff is amazing”), a plumber (“Fast, honest, and quality work”), a mural artist (“Painted 2 beautiful flags for us — spot on”), and other businesses. (Google Maps street view obscures Mr. Hegseth’s former residence.)
“Using your phone for daily tasks creates a highly visible digital trail that even a moderately savvy individual, much less a malicious actor, can trace,” remarked Glenn S. Gerstell, a former legal counsel for the National Security Agency.
In contrast, government-issued phones are significantly more secure due to their tough security measures meant to safeguard official communications.
By utilizing that same number on Signal to discuss exact deployment times of American fighter pilots for strikes in Yemen and other sensitive topics, Mr. Hegseth risked exposing himself and, potentially, the pilots to foreign adversaries who have shown capabilities to infiltrate the accounts of American officials, regardless of encryption, cybersecurity experts warned.
“Phone numbers are akin to street addresses indicating the location to target,” said James A. Lewis, a cybersecurity specialist. “Once you determine the address, you can reach the location, assess security measures, and ponder if you have the means to circumvent them.”
China and Russia, among others, possess those capabilities, according to several cybersecurity specialists.
Last year, a series of disclosures revealed how a sophisticated Chinese intelligence team, dubbed Salt Typhoon, managed to breach at least nine U.S. telecommunications firms. Investigative teams indicated that targets included the open and unencrypted phone lines utilized by Mr. Trump, Vice President JD Vance, and upper-level national security officials.
Mr. Gerstell mentioned he was unaware of Mr. Hegseth’s phone specifics or any potential attacks. However, personal phones generally present greater vulnerabilities than government-issued devices.
“With moderate difficulty, it’s possible for someone to covertly take control of a phone once they have the number, especially if the target clicks on something harmful,” Mr. Gerstell explained. “And when highly skilled bad actors are involved, like those from Russia or China, phones can be compromised without the user interacting with anything.”
Cybersecurity analysts reported that over 75 nations have acquired commercial spyware in the last decade. The most advanced spyware, such as Pegasus, utilizes “zero-click” technology, enabling stealthy and remote access to all information on a target’s mobile without user interaction. Such tools can convert a mobile into a tracking and secret recording device, effectively enabling surveillance on the owner.
Although Signal is an encrypted application and its security measures are considered strong for a commercial messaging service, malware that incorporates a key logger or keystroke capture could enable hackers or state actors to access content typed within an encrypted application, according to former officials.
In the context of Mr. Hegseth’s use of Signal to discuss Yemen strike strategies, spyware on his device could potentially monitor his typing or reading before he pressed “send,” as Signal encrypts content only during transmission and reception, security experts noted.
An individual acquainted with the Signal discussions mentioned that Mr. Hegseth’s aides cautioned him a day or two prior to the Yemen strikes on March 15 about not handling such sensitive operational details in his group chat. Although encrypted, that chat was not deemed as secure as government communication channels.
It remains uncertain how Mr. Hegseth reacted to these warnings.
Additionally, Mr. Hegseth had Signal configured on a computer within his Pentagon office, allowing him to send and receive messages in a space where personal mobile phones are prohibited, as per two informants familiar with the situation. He uses two computers in his office: one for personal tasks and one that is government-issued, as noted by one of the informants.
“I can assure you that Russia and China are monitoring the secretary of defense’s cellphone,” stated Representative Don Bacon, a Republican from Nebraska, who has suggested Mr. Hegseth’s dismissal, while speaking to CNN this week.
Christiaan Triebert reported from New York. Greg Jaffe in Washington contributed reporting and Sheelagh McNeill contributed research.