We continue to get more details of Whiskey Pete Hegseth’s abysmal operational security.

Today, NYT revisited the issue of Pete Hegseth’s shoddy operational security, tracking all the other accounts he had registered under the phone number with which he used Signal.

Mr. Hegseth had a significant social media presence, a WhatsApp profile and a Facebook page, which he still has.

On Aug. 15, 2024, he used his personal phone number to join Sleeper.com, a fantasy football and sports betting site, using the username “PeteHegseth.” Less than two weeks later, a phone number associated with his wife, Jennifer, also joined the site. She was included in one of the two Signal chats about the strikes.

Mr. Hegseth also left other digital breadcrumbs, using his phone to register for Airbnb and Microsoft Teams, a video and communications program.

Mr. Hegseth’s number is also linked to an email address that is in turn linked to a Google Maps profile. Mr. Hegseth’s reviews on Google Maps include endorsements of a dentist (“The staff is amazing”), a plumber (“Fast, honest, and quality work”), a mural painter (“Painted 2 beautiful flags for us — spot on”) and other businesses. (Google Maps street view blurs out Mr. Hegseth’s former home.)

What they don’t say is the accessibility of his personal phone number could have made it easier to ID the IP address for the computer that (per the AP) Hegseth set up in his office so he could access Signal.

Defense Secretary Pete Hegseth had an internet connection that bypassed the Pentagon’s security protocols set up in his office to use the Signal messaging app on a personal computer, two people familiar with the line told The Associated Press.

The existence of the unsecured internet connection is the latest revelation about Hegseth’s use of the unclassified app and raises the possibility that sensitive defense information could have been put at risk of potential hacking or surveillance.

Known as a “dirty” internet line by the IT industry, it connects directly to the public internet where the user’s information and the websites accessed do not have the same security filters or protocols that the Pentagon’s secured connections maintain.

Other Pentagon offices have used them, particularly if there’s a need to monitor information or websites that would otherwise be blocked.

But the biggest advantage of using such a line is that the user would not show up as one of the many IP addresses assigned to the Defense Department — essentially the user is masked, according to a senior U.S. official familiar with military network security.

[snip]

Hegseth initially was going to the back area of his office where he could access Wi-Fi to use his devices, one of the people familiar said, and then he requested a line at his desk where he could use his own computer.

That meant at times there were three computers around his desk — a personal computer; another for classified information; and a third for sensitive defense information, both people said.

Because electronic devices are vulnerable to spying, no one is supposed to have them inside the defense secretary’s office. Important offices at the Pentagon have a cabinet or drawer where staff or visitors are required to leave devices.

But there’s a detail that remains unexplained, one which makes this more interesting.

In addition to the texts themselves, Jeffrey Goldberg provided a number of useful details about the Houthi PC small group thread.

He included the list of the 19 people who belonged to it when he left.

We see the Principals add people (and Mike Waltz add someone believed to be Stephen Miller) along the way.

Goldberg also included metadata showing Mike Waltz setting the disappearing messages. In addition, we see Marco Rubio adding a second account for himself, “MAR added MAR.”

Rubio might have done that if he had a second device.

Given that that was all public by March 26 — which was, itself, nine days after Goldberg dropped off the list — it raises questions about why, on both March 26 and March 28 (per a CIA filing in the American Oversight lawsuit), people were fiddling with administrative settings.

I understand that the Director’s personal Signal account was reviewed and a screenshot of the Signal Chat at issue was captured from the Director’s account on 31 March 2025, and transferred to Agency records systems the same day. I understand that the screenshot reflects the information available at the time the screenshot was captured, which I characterized as “residual administrative content” in my initial declaration. I used that terminology because the screenshot does not include substantive messages from the Signal chat; rather, it captures the name of the chat, “Houthi PC small group”, and reflects administrative notifications from 26 March and 28 March relating to changes in participants’ administrative settings in this group chat, such as profile names and message settings.

That is, the only thing left on John Ratcliffe’s personal cell phone when they went to archive messages covered by the Federal Records Act was a version of the screen shot above — with the name of the chat, the dates March 26 and 28, changes in message settings (perhaps Mike Waltz trying to undo the damage of his disappearing timeline), and changes in profile names.

It’s the last bit that is most interesting. It might reflect people, in addition to the 19, who were added after Goldberg dropped off, people who were even more problematic to be included in the chat than Jeffrey Goldberg. It shouldn’t reflect people changing their own screen names; at that point, after Goldberg published, there would be no point.

But there’s also something that remains unexplained, given the new information we have.

We know from the second of three DOD declarations in the same American Oversight lawsuit that someone — the passive voice is used — did a search of Whiskey Pete’s “mobile device,” whence the “available Signal application messages that are at issue in this case have been preserved.” We know from the third declaration that a search — possibly the only one — that was conducted (the passive voice is used again) on March 27, between the day of the first admin changes reflected on Ratcliffe’s personal phone, March 26, and the day of the second administrative changes, March 28.

What we don’t have, however, is any indication how Hegseth accessed Signal via two different devices, the personal cell that was searched (passive voice) and the desktop in his office hooked up to the dirty old Internet — that is, whether he had a second account, maybe called WarFightersLoveWhiskey or just Pete, or whether he did in fact use his publicly identifiable phone number on the desktop hooked up to the dirty old Internet. That’s actually one possible explanation for the changes on March 26 and 28.

Perhaps we could answer that question by searching the device in Whiskey Pete’s office for Federal Records Act compliance?

Or maybe, as I said, there was someone added in the nine days after Goldberg left.