Analysis: From Signalgate to spyware — the undoing of American security

Editor’s note: For the past year, WTOP National Security Correspondent J.J. Green has investigated a growing national security crisis fueled by a combination of escalating foreign intrusions and internal missteps. In his weeklong series, “National Insecurity,” he examines how America’s digital defenses have become increasingly fragile.


On any given day, the air above the White House hums with invisible traffic: hundreds of Wi-Fi networks, encrypted signals and stray radio frequencies. But in February 2025, something new appeared on the digital skyline: a network labeled ‘Starlink Guest’.

It was installed inside the White House complex. And it raised alarms for some government security experts.

Starlink, the satellite company owned by Elon Musk, operates the system. At the time of its installation, Musk had an office in the Eisenhower Executive Office Building next door.

This new commercial network, far less secure than the world-class government systems already in place at the White House, is just one in a string of developments that have complicated the U.S. national security landscape.

Drawing on dozens of high-level interviews with national security officials, cybersecurity experts and policymakers, WTOP National Security Correspondent J.J. Green takes a look at how the U.S. reached this point, where its defenses stand now and what the future could hold if these threats continue unchecked.

‘Starlink Guest’

John Bolton, who served as national security adviser in President Donald Trump’s first term and has since become a harsh critic, called the installation “insane.”

In October of this current Trump administration, a grand jury indicted Bolton on charges related to mishandling classified information. Bolton has denied wrongdoing and said the charges are part of Trump’s effort to “intimidate his opponents.”

“There is absolutely no good reason to put an alternative system of communications into the White House complex,” Bolton told WTOP earlier this year. “None.”

WTOP asked the White House about the status of the system and did not get a response.

Former White House Chief Information Officer Theresa Payton described it as “a flashing red light” for anyone responsible for national communications security.


In the first part of his 'National InSecurity' series, WTOP National Security Correspondent J.J. Green details how a new Wi-Fi network that appeared in the White House complex serves as a welcome mat for America's enemies.

“My heart goes out to the White House technology team,” she said. “They’re battling sophisticated cyber threats daily. We cannot afford these repeated slipups. National security is at stake.”

U.S. adversaries, including China, Russia and Iran, have historically probed U.S. government systems for weaknesses. This may be an invitation too good to pass on. Joseph DeTrani, former U.S. Special Envoy to North Korea, said even Pyongyang’s hackers are likely eyeing the vulnerability.

“They’re using cyberattacks and other means to gather as much information as they can,” DeTrani said. “Unnecessary portals make it a lot easier.”

Bolton said he believes that once a new communications “pipe” is introduced inside the White House perimeter, it becomes a potential keyhole for foreign adversaries to peer into the heart of American power.

The hidden threat

In addition to the constantly evolving wave of external threats facing U.S. national security, an internal slipup, just one month after the Starlink installation, highlighted deep concerns about vulnerabilities.

The discovery in March that senior U.S. government officials had been using the encrypted messaging app Signal to conduct official business, instead of approved secure communication channels, triggered alarm.

The situation escalated when it was revealed that a journalist had been accidentally included in one of the Signal group chats discussing a sensitive U.S. military operation in Yemen.

Before that, the CEOs of America’s 10 largest telecommunications companies were summoned to the White House in October 2024 and given grim news.

The U.S. had suffered the largest hack of its telecom systems in history.

Sen. Mark Warner, vice chair of the Senate Intelligence Committee, said Chinese operatives had slipped inside American telecom and were able to inflict unprecedented damage to U.S. national security.


In part two of his 'National InSecurity' series, WTOP National Security Correspondent J.J. Green reveals how the public still hasn't seen the full extent of the damage from an unprecedented breach of America's telecom systems.

“The Chinese have been inside our telecom networks for over a year. They could literally listen to voice conversations, see who you’ve called and even read your texts,” Warner said.

But they weren’t just targeting the general public.

Cybersecurity expert James Lewis from the Center for Strategic and International Studies said the attackers had national leaders in their sights.

“They were getting communications from American security leaders and political figures, reading and listening as events unfolded,” he said.

The FBI confirmed the operation was a long-running Chinese espionage campaign. Assistant Special Agent in Charge Emily Odom said in an exclusive interview with WTOP that the ‘Salt Typhoon’ operation dated back to at least 2019.

Deepfakes and deception

By spring of 2025, the threat had evolved. High-ranking officials began receiving phone calls from someone who sounded exactly like White House Chief of Staff Susie Wiles.

Two months later, Secretary of State Marco Rubio was targeted in a similar attack.

“A senator called me and said, ‘Hey, did you just try to reach me?’ And even sent me a recording,” Rubio said.

Former national security adviser John Bolton said if Wiles’ communications were compromised, hackers had access to her entire network.

In June, a hacker group linked to Iran claimed to possess 100GB of stolen emails, including correspondence from Wiles. That group was believed to be among the leading suspects in the Wiles and Rubio impersonation cases.

But in September, the Secret Service revealed a more alarming development: an active espionage network operating inside the U.S. that is targeting senior U.S. government officials.

When the Secret Service uncovered the espionage operation in New York and New Jersey, it discovered hundreds of thousands of networked phones, which were part of a SIM farm capable of launching telecommunications attacks.

A SIM farm is a setup that houses large numbers of SIM cards, which are used in phones and other communications devices, in specialized hardware, allowing many mobile identities to be used concurrently from a single location.


In part three of his 'National InSecurity' series, WTOP National Security Correspondent J.J. Green reports on how America's enemies are using artificial intelligence in ways even more dangerous than hacking.

While legitimate for tasks such as large-scale device testing or IoT management, SIM farms are often abused for spam, fraud, location spoofing and covert surveillance, making them a growing concern for telecom operators and national security officials.

Matt McCool, special agent in charge of the Secret Service’s New York Field Office, said in a video statement that the network enabled “anonymous encrypted communications between potential threat actors and criminal enterprises, allowing them to operate undetected.”

“It could target anyone’s phone or device, including senior national security officials,” McCool said. “And not only capture cellphone calls or text information, but also transmit data invisibly.”

Don Mihalik, a retired senior Secret Service agent, said the system’s potential went even further.

“With AI recalibrating that information and sending it out with perhaps a different message, the consequences could be serious — even international.”

Matt O’Neill, former managing director of the Secret Service’s Global Cyber Investigative Operations, believes this was not an isolated case.

“I don’t think it’s an anomaly,” O’Neill said. “Without a doubt, there are farms like this across the United States.”

O’Neill, now co-founder of 5OH Consulting, said similar undisclosed operations have been identified in the Southwest, Southeast and parts of the Midwest.

“Some of them have never become public,” he said.

The question now facing investigators is whether these systems can be dismantled before they trigger a major national or international security incident.

Follow WTOP’s “National Insecurity” series on-air and on WTOP.com all week long for more analysis on the current state of U.S. national security threats and possible future threats. Stay in the loop with parts 2 and 3.


J.J. Green

J.J. Green is WTOP's National Security Correspondent. He reports daily on security, intelligence, foreign policy, terrorism and cyber developments, and provides regular on-air and online analysis. He is also the host of two podcasts: Target USA and Colors: A Dialogue on Race in America.
