GoKawiilA data exposure at Dialog, the private events group cofounded by Peter Thiel, exposed personal information of multiple US national security personnel. These include an intelligence official on the National Security Council (NSC) and an active-duty intelligence officer supporting sensitive military operations, WIRED has learned. The Pentagon is now examining the matter.
Personal information about intelligence and military personnel is among the data most sought by foreign intelligence services, which use it to identify, surveil, and approach US operatives abroad and at home. For active-duty officers and the units they support, the exposure can add operational risks.
The White House asked WIRED to not name the NSC official on national security grounds but otherwise declined to comment about the exposure.
The Dialog exposure, which evidence shows was enabled by a misconfigured website, included the private information and login tokens of 222 Dialog event registrants, including current and former senior military and national security officials from the United States and its allies.
Among them are the NSC official, whose role includes advising President Donald Trump and the national security adviser on sensitive intelligence programs, and a person identified in the records as an active-duty intelligence officer embedded with a “Tier 1” special operations unit.
According to the records, neither has a prior history with Dialog; both were invited and registered as new participants for the group’s retreat this August outside Dublin, Ireland.
Dialog has internally characterized the exposure as a “cyberattack,” but WIRED found that the files appear to have been exposed because of a misconfiguration in the group’s own website. Anyone could create an account with an email address, log in, and access the files simply by loading a landing page for the group’s app. The discovery began with a tip first received by a Swiss DJ and cybersecurity researcher, maia arson crimew. How long the records were accessible, and who else may have obtained them, remains unclear.
Federal prosecutors indicted crimew in 2021 on hacking-related charges, but she has not been arrested or convicted of a crime and has not faced subsequent charges. In 2023, she discovered a copy of the US government’s No Fly List on an unsecured server and made it available to some journalists alongside a technical write-up.
Outside counsel for Dialog issued a letter over the weekend saying the data was “stolen” and demanding WIRED turn over its copy of the data. WIRED declined. Dialog did not respond to questions submitted for this story.
Dialog’s file on the NSC intelligence official, a former CIA officer, includes at least two dozen personal details and survey responses and is similar to its dossiers on tech founders, actors, journalists, and hedge fund managers. Alongside what the records indicate are their date of birth, home address, mobile number, headshot photo, and private authentication token, the file also documents their political leanings and how they came into the invitation-only group’s orbit.
... continue reading