President Obama Signs Executive Order Saying That Now He's Going To Be Really Mad If He Catches Someone Cyberattacking Us
from the oh-come-on dept
This, apparently, is not an April Fool’s joke. This morning, President Obama signed an executive order [pdf] allowing the White House to issue sanctions on those “engaging in significant malicious cyber-enabled activities.” I’m sure the Chinese state hackers behind the Github DDoS are shaking in their boots.
To make this work, the President officially declared foreign hacking to be a “national emergency” (no, really) and basically said that if the government decides that some foreign person is doing a bit too much hacking, the US government can basically do all sorts of bad stuff to them, like seize anything they have in the US and block them from coming to the US. Because that won’t be abused at all.
Look, everyone agrees that there’s a lot of online hacking and computer attacks going on. So much of what we do in the world has moved online, so of course that’s going to be a target. But giving a general “ARRRRRGGH! HACKING BAD! WHITE HOUSE MAD!” executive order seems incredibly pointless and counterproductive. It seems like yet another example of politicians feeling the need to do something because there’s a problem — but not having any good ideas on what to actually do that will help solve the problem. So they just do something to say they did something, never mind how toothless it is — or (more importantly) how the broad and vague definitions set forth in the “something” they do can (and will) be used in the future against perfectly reasonable actions and actors.
It’s stories like these that make actual computer security folks shake their heads in confusion at politicians. You don’t solve cybersecurity issues with vague executive orders. You do it with better security practices (and not undermining those practices with backdoors and stockpiling zero days).
Filed Under: cybersecurity, executive order, national emergency, president obama, sanctions, white house
Comments on “President Obama Signs Executive Order Saying That Now He's Going To Be Really Mad If He Catches Someone Cyberattacking Us”
protecting intellectual property
The executive order should be sufficient to vaporize the assets of all known cyberlockers, as well as the assets of anyone who can be tied to a BitTorrent indexer, or any other sort of indexer.
SOPA would have allowed point-and-remove-from-Internet; what the copyright industry gets instead is point-and-bankrupt, which is likely to be almost as good.
We can expect open source developers of “tools which might enable piracy” to be thrown into the asset seizure mix.
The King has spoken
O thinks pretty highly of himself so I am sure he thinks he accomplished something.
Re: The King has spoken
Thanks for point this out to me now it is blindly simple to know what “O’s” problem is. He thinks he is Oprah.
Re: The King has spoken
“I am sure he thinks he accomplished something.”
We can not have any of that sort of thing occurring on our watch.
– Congress
Re: The King has spoken
That should read “The Korporate King has spoken”
And He has accomplished something all right.
You’re not gonna like what was accomplished though, as its pretty much the exact opposite of what he has claimed publically – as usual.
Life in the USA is about to become one step closer to Hell.
—
Hypocrisy, thy name is the USG
To make this work, the President officially declared foreign hacking to be a “national emergency” (no, really) and basically said that if the government decides that some foreign person is doing a bit too much hacking, the US government can basically do all sorts of bad stuff to them, like seize anything they have in the US and block them from coming to the US. Because that won’t be abused at all.
Keep in mind, this is the exact same government where multiple government agencies have argued that they should be allowed to hack any computer or network, no matter where on the planet it’s located. So apparently hacking is only a bad thing when someone other than the USG is doing it.
Re: Hypocrisy, thy name is the USG
like someone trying to start a war, almost seems like
Re: Re: Hypocrisy, thy name is the USG
HEADLINE NEWS:
Iran is hacking us, Iran is hacking us!
Bomb bomb bomb
I’m sure the only hypocrites are the USG.
Dumb dumb DUMB!
I have a small, still under construction website. Almost from day one my logs have been continuously splashed with hack attempts… this is a daily occurrence, 100s of hits per day. The IP’s trace back to a few places but China is a huge part of it. All of them “testing” my security by trying to access various known exploits of products such as wordpress (which isn’t even installed on my server) or submitting too much data to see if they can cause some sort of overrun. My site on my server is a nowhere kind of site with very little exposure and certainly no kinds of major publicity or usage. I get less than a handfull of real “impressions” per day… yet, here I am under full onslaught to try and break my security. I have to think that if me, a nobody in the internet world, is getting hammered then every other nobody and even more sites who are somebody are getting hammered just as hard and harder. One might consider this “engaging in significant malicious cyber-enabled activities” don’t you think? Tens of thousands of nobodies multiplied by this effort.
Re: Dumb dumb DUMB!
Why are you allowing Internet traffic from China to get anywhere near your web site?
Unless you have an operational need to do so — and you almost certainly don’t — firewall out the entire country. And Korea, while you’re at it. Well-curated lists of all of their network allocations are available here:
http://okean.com/asianspamblocks.html
I find it useful to update my firewalls about once a week with those and to enjoy the peace and quiet that results as every single packet originating there is dropped on the floor without so much as an acknowledgment.
Re: Dumb dumb DUMB!
I have done a significant amount of work in the field since the 90s, and I can tell you something about those “Chinese hackers” you see in your server logs.
Most of them are hacked Chinese machines in the control of western (largely American) hackers in the form of botnets. In USA, people don’t and wont get charges (IMO, for good reason) for hacking Chinese assets or property, and this is the result.
People do not just randomly scan the internet using assets that can be linked to them, or can be shut down by their ISP. They use hacked stuff that wont get searched by their own government.
Punishing people that break the law is so counterproductive.
Re: Re:
Haha, good one, April Fools!
Re: Re:
It is when the real law breakers are the ones doing the punishing..
So it’s (apparently) OK for the US government to hack foreign computers and create destructive malware like Stuxnet to unleash on the so-called “rogue nations” of the world, but if the victims of these cyber-attacks were to respond in kind, then that means war!
Finally, some accountability for the U.S OF A, oh wait, let me guess
Except us
How about a common sense executive order beefing up defensive security instead of yet MORE offensive weapons…….transparency of threats, so that companies that care can update/upgrade/patch, and those that dont can go fking bankrupt
Wait until the NSA...
I can’t wait until the NSA stretches and deforms this executive order like they did to XO12333.
House of cards
Obama has been watching the latest season of House of Cards, in which President Underwood declares “unemployment” to be a national emergency and starts using FEMA funds to create and subsidize jobs.
Re: House of cards
So … hacking is unemployment?
One of These Things Is Not Like the Other
So exactly which hacking incident(s) does Barack Obama find to be equivalent to 9/11?
I, BARACK OBAMA, President of the United States of America, find that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat.
Executive Order on Terrorist Financing (Sep. 24, 2001)
I, GEORGE W. BUSH, President of the United States of America, find that grave acts of terrorism and threats of terrorism committed by foreign terrorists, including the terrorist attacks in New York, Pennsylvania, and the Pentagon committed on September 11, 2001, acts recognized and condemned in UNSCR 1368 of September 12, 2001, and UNSCR 1269 of October 19, 1999, and the continuing and immediate threat of further attacks on United States nationals or the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and in furtherance of my proclamation of September 14, 2001, Declaration of National Emergency by Reason of Certain Terrorist Attacks, hereby declare a national emergency to deal with that threat.
National Emergency
I’m not too familiar with all the various bits and bobs of Americas innumerable anti-terrorism laws and executive orders, but if memory serves, some parts of these only apply during times of National Emergency.
This order is presumably intended to – in effect – preemptively reclassify all major hacking incidents as terrorism. Individuals and organisations identified are now subject to surveillance and response under the terms set by the Patriot Act and other rules, rather than normal due process.
The order also functionally makes the acquisition of “trade secrets” into terrorism. “[…] any person determined […] to be responsible for or complicit in, or to have engaged in, the receipt or use […] of trade secrets misappropriated through cyber-enabled means […] just became subject to Patriot Act rules.
This, logically, must include everyone involved in the last big Sony hack, every file-sharing-site where the movies appeared, everyone who downloaded copies and – you’re going to love this, I just know it – every journalist who received and wrote about the various leaked emails.
Congratulations everyone, the President of the United States of America just declared all of us to be de facto terrorists, subject to unlimited surveillance and attack, at the whim of any branch of the US government that wants to do so.
Re: National Emergency
they already do that, they are justifying it with a new law
He may want to take a look at what the NSA is up to first before drafting such legislation….
Re: Re:
Considering the level of data theft (err, “gathering”) that the NSA has accomplished, along with their physically tampering with hardware, insisting on backdoors in otherwise secure systems, etc., I would say that we know where this order should first be applied.
We have met the enemy, and they are us.
A national emergency you say?
Well then, we’re just one cyber pearl harbor away from a third-term Obama.
Re: Re:
omg
For what purpose?
Given the likelihood that the USG could impose all the sanctions it wanted without an EO, it’s hard to see the point of this other than carving out another unilateral power grab. And because this is ostensibly about security, don’t expect it to be undone by a future president. It’s 12333 for the 21st century.
via a USA Today story from October 2014: President Jimmy Carter declared the oldest state of emergency still in force, in 1979, to implement a trade embargo against Iran.
The five following presidents declared about 50 emergencies, and about 30 of those emergencies remain in effect (as of Oct. 2014). The emergency powers give the President the ability to enforce economic sanctions on his own say-so.
(Background.)
reads as a “I dare you to attack us, because you called us out on us declaring we can attack anyone we want to”
Does this mean Germany is going to issue sanctions against the US for hacking into Angela Merkel’s cellphone? Or does it mean Iran is going to issue sanctions against the US for launching Stuxnet against their nuclear energy program? Maybe it means China will start issuing sanctions against the US for the NSA intercepting Cisco router shipments and implanting backdoors onto them via a process known as interdiction.
Has the US even thought this sanction policy through all the way? The US will more sanctions levied against it than any other country on the planet! Thanks NSA!
Welcome to the New War.... same as the Old War.
“ARRRRRGGH! HACKING BAD! WHITE HOUSE MAD!”
That is merely the “public perception ploy”, that allows this new “War On ____” to get full tax-traction and support of law.
In this case, its a “War On Hackers”, and once you start to realize exactly what this particular “War On” allows the Feds to do, you will be seeing this legislation in a whole new light.
You do remember the recent kerfuffle about letting Corporate America – other-wise known as the Billionaire Fascist Club – run “attack wares” – called “defense wares”, legally against “perceived” cyber assaults.
Well, now they have an executive order that will nicely immunize them against any repercussions, should they, say, fry the computers of an on-line chess club by mistake, in their retaliations against some unknown hackers or an Anonymous DDOS attack on their network.
And I’ll betcha they now have access to tax-payer funding for research and development of new and better attack, errrr… defense wares, as well, and maybe even access to NSA Brand(TM) anti-cyber tools.
And ya’all should by now, know exactly what total immunity from all consequences of one’s actions lead to.
If not, look no further than the CIA, FBI, NSA, NYPD, and all the other so-called public-servants of the USG, who are now laws unto them-selves, answering only to… well…. not you, that’s for sure.
If you’re having difficulty still, you might want to simply see this new executive order as the declaration of the War on Hackers, which will now be waged like the War on Drugs, and the War on Terror…. that is, forever and on your dime.
—
For a non american Citizen
Since the rest of the world is under costant cyberattack from the USA, this law rather seems like a provocation. I guess a war somewhere not on US Soil would come in handy, wouldn’t it?
a new purse
75% of the drug war victory (read: profit) was from marijuana-related forfeiture, and two things are happening. 1) Forfeiture from unproven charges and suspicions are getting nixed finally. Only persons proven of committing crimes will be able to be, robbed and 2) Marijuana enforcement is going the way of the dodo and the laws are right behind it.
This EO is the govt’s replacement purse. Simple as that.