27th Marine Regiment (Rein), FMF
1st Marine Division (Rein), FMF
FPO, San Francisco, California 96602
From: Commanding Officer
To: Commanding General, 1st Marine Division (Rein)
Subj. Command Chronology, April 2025
Ref: (a) DivO 5750.2B
CLASSIFIED
OPSEC25--Signalgate--
Command Chronology Classified
DISTRIBUTION: "Special": S&C (2); Div (8)
PART I ORGANIZATIONAL DATA
PART II NARRATIVE SUMMARY
PART III CHRONOLOGY OF SIGNIFICANT EVENTS
PART IV SEQUENTIAL LISTING OF SIGNIFICANT ASPECTS
PART V CIVIL AFFAIRS
PART VI. SUPPORTING DOCUMENTS AFTER ACTION REPORT
PART I ORGANIZATIONAL DATA
1. Signal Group Chat:
a. Vice President JD Vance, Secretary of Defense Pete Hegseth, Secretary of State Marco Rubio, National Security Advisor Michael Waltz, Director of National Intelligence Tulsi Gabbard, White House Chief of Staff Susie Wiles, Deputy White House Chief of Staff Stephen Miller, U.S. Special Envoy to the Middle East Steve Witkoff.
b. National Security Advisor Waltz mistakenly added journalist Jeffrey Goldberg (The Atlantic) due to a contact list error.
2. Congressional Hearings and Participants
a. Senate Armed Services Committee: Chair: Roger Wicker (R-MS);
Ranking Member: Jack Reed (D-RI).
b. Senate Foreign Relations Committee: Member: Chris Murphy (D-CT).
c. Senate Intelligence Committee: Ranking Member: Mark Warner (D-VA).
d. Notable Senators: Richard Blumenthal (D-CT); John Cornyn (R-TX); Chuck Schumer (D-NY).
3. Witnesses
a. CIA Director John Ratcliffe; DNI Tulsi Gabbard; Pentagon officials (unspecified).
PART II NARRATIVE SUMMARY
1. The Signal group chat compromise (dubbed Signalgate) emerged as a major national security scandal in March 2025 after sensitive discussions about U.S. military operations against Yemen's Houthi rebels were inadvertently exposed. National Security Advisor Michael Waltz accidentally added Jeffrey Goldberg, editor-in-chief of The Atlantic, to a Signal group chat titled "Houthi PC small group."
2. Key events and revelations
a. Leaked content: Secretary of Defense Pete Hegseth shared operational details of impending airstrikes, including aircraft types, missile specifications, attack timelines, and post-strike assessments.
b. CIA Director John Ratcliffe mentioned an undercover officer’s name, while Vance and Hegseth disparaged European allies.
c. Security failures: The Pentagon attributed Waltz’s error to a contact list mix-up (Goldberg’s number was saved under NSC spokesman Brian Hughes’ name).
d. Subsequent reporting revealed Waltz’s team routinely used Signal for official coordination on Ukraine, China, Gaza, and other sensitive matters.
3. Broader vulnerabilities
a. Hegseth participated in a separate "Defense ' Team Huddle" chat with family members and non-cleared individuals, discussing strike timelines.
b. NSC members conducted government business via personal Gmail accounts and shared schedules over Signal.
c. Private contact details and passwords for officials were discoverable online, and Waltz’s public Venmo account revealed NSC staff connections.
4. Official responses
a. The administration insisted no classified information was shared, with Trump stating, “It wasn’t classified.”
b. Security experts countered that operational details like attack timing and methods should have been classified, regardless of technical classification status.
c. A Pentagon investigation confirmed the contact error but downplayed security risks, while watchdog groups sued to preserve chat records under federal law.
5. Implications
a. The leak exposed systemic misuse of encrypted platforms for sensitive discussions, circumventing federal record-keeping laws and creating vulnerabilities for adversaries.
b. Debates centered on whether this reflected negligence or intentional efforts to evade oversight.
PART III CHRONOLOGY OF SIGNIFICANT EVENTS
1. March 11–15, 2025:
a. The "Houthi PC small group" Signal chat is active, involving U.S. national security leaders planning military strikes against Houthi targets in Yemen.
2. March 13 (Thursday):
a. At 4:28 p.m. EDT, Jeffrey Goldberg (editor-in-chief of The Atlantic) is mistakenly added to the Signal group by Waltz, who had saved Goldberg’s contact under NSC spokesman Brian Hughes’ name.
b. The group is configured to auto-delete messages after one to four weeks.
3. March 14 (Friday):
a. Policy discussions begin at 8:05 a.m. EDT, focusing on strike strategies and coordination among senior officials.
4. March 15 (Saturday):
a. Hegseth shares classified operational details, including aircraft types (F-18s, MQ-9 drones), missile systems (Tomahawks), and exact strike timelines (1:45 p.m. EDT explosions).
b. Goldberg confirms strikes via social media reports from Sanaa, Yemen, after seeing real-time updates in the chat.
c. Participants exchange congratulatory messages post-strike, including emojis and praise for Hegseth’s team.
5. March 16 (Sunday):
a. Goldberg exits the chat, triggering a notification to members. He later contacts Waltz and others for clarification.
6. March 24:
a. Goldberg publishes a partially redacted transcript in The Atlantic, verified by NSC spokesman Brian Hughes.
b. The administration disputes claims of classified material being shared.
7. March 25-30:
a. The Atlantic releases the full transcript, omitting only the name of an undercover CIA officer.
b. Senate and House intelligence committees hold hearings on the leak.
c. The Atlantic publishes a second article with the unredacted March 15 chat log.
d. Der Spiegel reports discovering private contact details and passwords of group members online, including Hegseth and Waltz.
e. Wired reveals Waltz’s public Venmo account, linked to NSC staffers, raising security concerns.
f. The Wall Street Journal reports Waltz hosted additional Signal chats on Somalia and Ukraine.
8. April 2025:
a. The Washington Post reveals NSC members, including Waltz, used personal Gmail accounts for government business.
b. Politico details Waltz’s use of Signal for official work on Ukraine, China, and Middle East policy.
c. Reports emerge that Hegseth shared strike details in a separate Signal group (“Defense ' Team Huddle”) with family members and others.
PART IV SEQUENTIAL LISTING OF TECHNICAL ASPECTS
1. Platform Selection
a. Signal was used despite being a publicly available encrypted messaging app not approved for classified government communications.
b. Its end-to-end encryption theoretically protects message content but doesn't prevent screen captures or unauthorized device access.
2. Group Configuration
a. Auto-delete settings: Messages were configured to automatically erase after 1-4 weeks, raising concerns about federal records preservation violations.
b. Group membership: Included 18 participants (later expanded in other chats), mixing senior officials with non-cleared individuals.
3. Security Vulnerabilities
a. Device risks: Use of personal phones (vs. government-issued devices) created exposure to hacking, especially given Russia's active attempts to compromise Signal.
b. Authentication flaws: National Security Advisor Mike Waltz accidentally added a journalist due to contact list mismanagement.
c. Account linkages: Publicly visible Venmo connections and exposed passwords/contact details created secondary attack vectors.
4. Information Shared
a. Operational specifics: Defense Secretary Pete Hegseth disclosed exact strike times ("1215 ET: F-18s LAUNCH"), weapon systems (MQ-9 drones), and target locations in real time.
b. Classified references: Included the name of an undercover CIA officer and sensitive diplomatic discussions.
5. Technical Oversights
a. BYOD (Bring Your Own Device): Officials like Tulsi Gabbard refused to disclose whether they used personal or government phones during congressional hearings.
b. Cross-platform leakage: NSC members copied schedules into Signal and used personal Gmail accounts for government business.
6. Secondary Chats
a. A separate "Defense Team Huddle" group included Hegseth's family members and shared strike windows via the same unsecured platform.
7. Exploit Potential
a. Security experts warned that physical access to any member's phone could enable real-time message monitoring through Signal's linked device feature.
b. This technical profile highlights systemic failures in secure communication protocols within high-level national security operations.
PART V CIVIL AFFAIRS
1. Legal Implications
a. Espionage Act Violations:
(1) Experts argue that sharing classified operational details (e.g., strike timing, weapon systems) via Signal—an unapproved platform—could violate the Espionage Act.
(2) Legal analysts note such disclosures might meet the criteria for "unauthorized removal of classified documents."
b. Federal Records Act Compliance:
(1) The chat was configured to auto-delete messages, potentially breaching laws requiring preservation of official communications. This mirrors criticisms faced by Hillary Clinton’s email practices, with Trump officials now accused of similar hypocrisy.
c. Unauthorized Disclosure:
(1) Including journalist Jeffrey Goldberg in the chat, even inadvertently, risks violating laws against sharing classified information with unauthorized individuals.
2. Political Fallout
a. Hypocrisy Allegations:
(1) Officials like Defense Secretary Pete Hegseth, who previously criticized Clinton’s email use, faced accusations of double standards. Democrats highlighted this contrast.
b. Congressional Scrutiny:
(1) Senate and House Intelligence Committees held hearings to investigate the leak. Senators demanded full transparency, with Mark Warner (D-VA) challenging officials to release unredacted transcripts.
c. International Trust Erosion:
(1) Allies like Canada’s Prime Minister Mark Carney expressed concerns over compromised intelligence-sharing trust, particularly among Five Eyes partners.
3. Operational Security Risks
a. Troop Endangerment:
(1) Experts warned that leaked details (e.g., missile types, strike timelines) could jeopardize missions and personnel.
(2) Such disclosures, if made by service members, would typically result in court-martial.
b. Platform Vulnerabilities:
(1) The National Security Agency had previously warned about Signal’s potential compromise, raising questions about the administration’s choice of communication tools.
4. Administrative Response
a. White House Review:
(1) The administration initiated a review of Signal’s use, with officials noting its widespread adoption might soon end.
b. Deflections and Denials: Hegseth denied sharing "war plans," while the White House insisted no classified material was disclosed. Legal experts dismissed these claims as "political spin."
c. Internal Accountability:
(1) National Security Advisor Mike Waltz took responsibility for mistakenly adding Goldberg, citing a contact list error.
5. Public and Military Sentiment
a. Service Member Criticism:
(1) Military personnel expressed frustration over leadership’s lax security practices, contrasting them with strict standards enforced for lower-ranking troops.
PART VI. SUPPORTING DOCUMENTS AFTER ACTION REPORT
After Action Report
Department of Defense
Washington, D.C.
Date: [Insert Date]
MEMORANDUM FOR
TO: Secretary of Defense, Chairman of the Joint Chiefs of Staff, Senate Armed Services Committee
FROM: [Insert Investigating Authority/Office]
SUBJECT: After Action Report – Signal Group Chat Compromise (Operation Signalgate)
I. General Information
a. Incident Date Range: March 11–15, 2025 (initial compromise); full disclosure March 24–25, 2025.
b. Location: Signal messaging platform (unauthorized for classified communications).
c. Key Participants: National Security Advisor Mike Waltz, Secretary of Defense Pete Hegseth, CIA Director John Ratcliffe, Vice President JD Vance, and others.
d. Compromised Data: Operational details of imminent airstrikes in Yemen (aircraft types, missile systems, launch timings).
e. Identity of an undercover CIA officer.
f. Contemptuous remarks about European allies.
II. Summary of Events
a. Initial Breach:
(1) National Security Advisor Waltz erroneously added The Atlantic editor Jeffrey Goldberg to a Signal group chat, mistaking his contact for NSC spokesman Brian Hughes.
b. Group chat configured for automatic message deletion (1–4 weeks), violating federal records retention laws.
c. Security Lapses:
(1) Secretary Hegseth disclosed strike details to a secondary Signal group including family members and non-cleared individuals.
(2) Use of unencrypted personal Gmail accounts and Venmo for official coordination.
a. Public Disclosure:
(1) Full chat transcript published by The Atlantic, revealing classified-equivalent operational security (OPSEC) details.
(2) Subsequent leaks exposed additional Signal chats discussing Somalia, Ukraine, and Middle East policy.
III. Lessons Learned
a. SUSTAIN
(1) Issue: Cross-agency coordination via encrypted platforms.
(2) Discussion: Signal facilitated rapid communication but lacked safeguards for classified material.
(3) Recommendation: Retain encrypted tools for unclassified coordination but mandate compliance with records laws and OPSEC training.
b. CRITICAL FAILURE
(1) Issue: Unauthorized disclosure of classified-equivalent information.
(2) Discussion: Details shared in chats met criteria for classification but were not properly marked, leading to spillage.
(3) Recommendation: Enforce pre-delegation classification authority for all operational planning discussions.
IV. Recommendations
a. Immediate Actions:
(1) Suspend use of Signal for all national security communications pending review.
(2) Audit all personal devices and accounts (Venmo, Gmail) used by NSC staff.
b. Long-Term Measures:
(1) Establish an OPSEC training office per the Operational Security Act of 2025.
(2) Standardize AAR protocols for cybersecurity incidents using military templates (e.g., Part I–III frameworks from Sample AAR 1).
c. Accountability:
(1) Administrative action against personnel who violated communications policies.
(1) Criminal referrals if Espionage Act violations are confirmed.
Data: Perplexity AI
Image: https://www.navifor.usff.navy.mil/opsec/
Report prepared by: JCL, Pvt. USMC (212xxxx-2533) Radio Communications, 27th Regt. Landing Team (RLT) HQ, Duong Son 2, RVN (AT998678).
JTF-SB 2025
3/LRC/cr1/5750
CMCC NR _____3______
Ser. No. 040-25
COPY _1__ OF __10__COPIES
April 2025
End of Report
CLASSIFIED