President Obama Signs Executive Order Saying That Now He's Going To Be Really Mad If He Catches Someone Cyberattacking Us

from the oh-come-on dept

This, apparently, is not an April Fool's joke. This morning, President Obama signed an executive order [pdf] allowing the White House to issue sanctions on those "engaging in significant malicious cyber-enabled activities." I'm sure the Chinese state hackers behind the Github DDoS are shaking in their boots.

To make this work, the President officially declared foreign hacking to be a "national emergency" (no, really) and basically said that if the government decides that some foreign person is doing a bit too much hacking, the US government can basically do all sorts of bad stuff to them, like seize anything they have in the US and block them from coming to the US. Because that won't be abused at all.

Look, everyone agrees that there's a lot of online hacking and computer attacks going on. So much of what we do in the world has moved online, so of course that's going to be a target. But giving a general "ARRRRRGGH! HACKING BAD! WHITE HOUSE MAD!" executive order seems incredibly pointless and counterproductive. It seems like yet another example of politicians feeling the need to do something because there's a problem -- but not having any good ideas on what to actually do that will help solve the problem. So they just do something to say they did something, never mind how toothless it is -- or (more importantly) how the broad and vague definitions set forth in the "something" they do can (and will) be used in the future against perfectly reasonable actions and actors.

It's stories like these that make actual computer security folks shake their heads in confusion at politicians. You don't solve cybersecurity issues with vague executive orders. You do it with better security practices (and not undermining those practices with backdoors and stockpiling zero days).

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    wallow-T, 1 Apr 2015 @ 11:54am

    protecting intellectual property

    The executive order should be sufficient to vaporize the assets of all known cyberlockers, as well as the assets of anyone who can be tied to a BitTorrent indexer, or any other sort of indexer.

    SOPA would have allowed point-and-remove-from-Internet; what the copyright industry gets instead is point-and-bankrupt, which is likely to be almost as good.

    We can expect open source developers of "tools which might enable piracy" to be thrown into the asset seizure mix.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 11:57am

    The King has spoken

    O thinks pretty highly of himself so I am sure he thinks he accomplished something.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Apr 2015 @ 12:01pm

      Re: The King has spoken

      Thanks for point this out to me now it is blindly simple to know what "O's" problem is. He thinks he is Oprah.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Apr 2015 @ 5:24am

      Re: The King has spoken

      "I am sure he thinks he accomplished something."


      We can not have any of that sort of thing occurring on our watch.

      - Congress

      reply to this | link to this | view in chronology ]

    • icon
      GEMont (profile), 2 Apr 2015 @ 2:55pm

      Re: The King has spoken

      That should read "The Korporate King has spoken"

      And He has accomplished something all right.

      You're not gonna like what was accomplished though, as its pretty much the exact opposite of what he has claimed publically - as usual.

      Life in the USA is about to become one step closer to Hell.

      ---

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 1 Apr 2015 @ 11:58am

    Hypocrisy, thy name is the USG

    To make this work, the President officially declared foreign hacking to be a "national emergency" (no, really) and basically said that if the government decides that some foreign person is doing a bit too much hacking, the US government can basically do all sorts of bad stuff to them, like seize anything they have in the US and block them from coming to the US. Because that won't be abused at all.

    Keep in mind, this is the exact same government where multiple government agencies have argued that they should be allowed to hack any computer or network, no matter where on the planet it's located. So apparently hacking is only a bad thing when someone other than the USG is doing it.

    reply to this | link to this | view in chronology ]

  • icon
    Adam Wood (profile), 1 Apr 2015 @ 11:59am

    Dumb dumb DUMB!

    I have a small, still under construction website. Almost from day one my logs have been continuously splashed with hack attempts... this is a daily occurrence, 100s of hits per day. The IP's trace back to a few places but China is a huge part of it. All of them "testing" my security by trying to access various known exploits of products such as wordpress (which isn't even installed on my server) or submitting too much data to see if they can cause some sort of overrun. My site on my server is a nowhere kind of site with very little exposure and certainly no kinds of major publicity or usage. I get less than a handfull of real "impressions" per day... yet, here I am under full onslaught to try and break my security. I have to think that if me, a nobody in the internet world, is getting hammered then every other nobody and even more sites who are somebody are getting hammered just as hard and harder. One might consider this "engaging in significant malicious cyber-enabled activities" don't you think? Tens of thousands of nobodies multiplied by this effort.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Apr 2015 @ 1:03pm

      Re: Dumb dumb DUMB!

      Why are you allowing Internet traffic from China to get anywhere near your web site?

      Unless you have an operational need to do so -- and you almost certainly don't -- firewall out the entire country. And Korea, while you're at it. Well-curated lists of all of their network allocations are available here:

      http://okean.com/asianspamblocks.html

      I find it useful to update my firewalls about once a week with those and to enjoy the peace and quiet that results as every single packet originating there is dropped on the floor without so much as an acknowledgment.

      reply to this | link to this | view in chronology ]

    • identicon
      John B, 4 Apr 2015 @ 4:29am

      Re: Dumb dumb DUMB!

      I have done a significant amount of work in the field since the 90s, and I can tell you something about those "Chinese hackers" you see in your server logs.

      Most of them are hacked Chinese machines in the control of western (largely American) hackers in the form of botnets. In USA, people don't and wont get charges (IMO, for good reason) for hacking Chinese assets or property, and this is the result.

      People do not just randomly scan the internet using assets that can be linked to them, or can be shut down by their ISP. They use hacked stuff that wont get searched by their own government.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 12:05pm

    Punishing people that break the law is so counterproductive.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 12:12pm

    So it's (apparently) OK for the US government to hack foreign computers and create destructive malware like Stuxnet to unleash on the so-called "rogue nations" of the world, but if the victims of these cyber-attacks were to respond in kind, then that means war!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 12:12pm

    Finally, some accountability for the U.S OF A, oh wait, let me guess

    Except us

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 12:17pm

    How about a common sense executive order beefing up defensive security instead of yet MORE offensive weapons.......transparency of threats, so that companies that care can update/upgrade/patch, and those that dont can go fking bankrupt

    reply to this | link to this | view in chronology ]

  • identicon
    twinsdad9901, 1 Apr 2015 @ 12:21pm

    Wait until the NSA...

    I can't wait until the NSA stretches and deforms this executive order like they did to XO12333.

    reply to this | link to this | view in chronology ]

  • identicon
    Whoever, 1 Apr 2015 @ 12:57pm

    House of cards

    To make this work, the President officially declared foreign hacking to be a "national emergency"
    Obama has been watching the latest season of House of Cards, in which President Underwood declares "unemployment" to be a national emergency and starts using FEMA funds to create and subsidize jobs.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 1:01pm

    One of These Things Is Not Like the Other

    So exactly which hacking incident(s) does Barack Obama find to be equivalent to 9/11?

    I, BARACK OBAMA, President of the United States of America, find that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat.

    Executive Order on Terrorist Financing (Sep. 24, 2001)
    I, GEORGE W. BUSH, President of the United States of America, find that grave acts of terrorism and threats of terrorism committed by foreign terrorists, including the terrorist attacks in New York, Pennsylvania, and the Pentagon committed on September 11, 2001, acts recognized and condemned in UNSCR 1368 of September 12, 2001, and UNSCR 1269 of October 19, 1999, and the continuing and immediate threat of further attacks on United States nationals or the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and in furtherance of my proclamation of September 14, 2001, Declaration of National Emergency by Reason of Certain Terrorist Attacks, hereby declare a national emergency to deal with that threat.

    reply to this | link to this | view in chronology ]

  • icon
    DocGerbil100 (profile), 1 Apr 2015 @ 1:30pm

    National Emergency

    I'm not too familiar with all the various bits and bobs of Americas innumerable anti-terrorism laws and executive orders, but if memory serves, some parts of these only apply during times of National Emergency.

    This order is presumably intended to - in effect - preemptively reclassify all major hacking incidents as terrorism. Individuals and organisations identified are now subject to surveillance and response under the terms set by the Patriot Act and other rules, rather than normal due process.

    The order also functionally makes the acquisition of "trade secrets" into terrorism. "[...] any person determined [...] to be responsible for or complicit in, or to have engaged in, the receipt or use [...] of trade secrets misappropriated through cyber-enabled means [...] just became subject to Patriot Act rules.

    This, logically, must include everyone involved in the last big Sony hack, every file-sharing-site where the movies appeared, everyone who downloaded copies and - you're going to love this, I just know it - every journalist who received and wrote about the various leaked emails.

    Congratulations everyone, the President of the United States of America just declared all of us to be de facto terrorists, subject to unlimited surveillance and attack, at the whim of any branch of the US government that wants to do so.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 1:47pm

    He may want to take a look at what the NSA is up to first before drafting such legislation....

    reply to this | link to this | view in chronology ]

    • icon
      Eponymous Coward (profile), 2 Apr 2015 @ 9:56am

      Re:

      Considering the level of data theft (err, "gathering") that the NSA has accomplished, along with their physically tampering with hardware, insisting on backdoors in otherwise secure systems, etc., I would say that we know where this order should first be applied.

      We have met the enemy, and they are us.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 1:49pm

    A national emergency you say?

    Well then, we're just one cyber pearl harbor away from a third-term Obama.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 2:44pm

    For what purpose?

    Given the likelihood that the USG could impose all the sanctions it wanted without an EO, it's hard to see the point of this other than carving out another unilateral power grab. And because this is ostensibly about security, don't expect it to be undone by a future president. It's 12333 for the 21st century.

    reply to this | link to this | view in chronology ]

  • identicon
    wallow-T, 1 Apr 2015 @ 3:29pm

    via a USA Today story from October 2014: President Jimmy Carter declared the oldest state of emergency still in force, in 1979, to implement a trade embargo against Iran.

    The five following presidents declared about 50 emergencies, and about 30 of those emergencies remain in effect (as of Oct. 2014). The emergency powers give the President the ability to enforce economic sanctions on his own say-so.

    (Background.)

    reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 1 Apr 2015 @ 5:17pm

    reads as a "I dare you to attack us, because you called us out on us declaring we can attack anyone we want to"

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Apr 2015 @ 9:30pm

    Does this mean Germany is going to issue sanctions against the US for hacking into Angela Merkel's cellphone? Or does it mean Iran is going to issue sanctions against the US for launching Stuxnet against their nuclear energy program? Maybe it means China will start issuing sanctions against the US for the NSA intercepting Cisco router shipments and implanting backdoors onto them via a process known as interdiction.

    Has the US even thought this sanction policy through all the way? The US will more sanctions levied against it than any other country on the planet! Thanks NSA!

    reply to this | link to this | view in chronology ]

  • icon
    GEMont (profile), 2 Apr 2015 @ 2:49pm

    Welcome to the New War.... same as the Old War.

    "ARRRRRGGH! HACKING BAD! WHITE HOUSE MAD!"

    That is merely the "public perception ploy", that allows this new "War On ____" to get full tax-traction and support of law.

    In this case, its a "War On Hackers", and once you start to realize exactly what this particular "War On" allows the Feds to do, you will be seeing this legislation in a whole new light.

    You do remember the recent kerfuffle about letting Corporate America - other-wise known as the Billionaire Fascist Club - run "attack wares" - called "defense wares", legally against "perceived" cyber assaults.

    Well, now they have an executive order that will nicely immunize them against any repercussions, should they, say, fry the computers of an on-line chess club by mistake, in their retaliations against some unknown hackers or an Anonymous DDOS attack on their network.

    And I'll betcha they now have access to tax-payer funding for research and development of new and better attack, errrr... defense wares, as well, and maybe even access to NSA Brand(TM) anti-cyber tools.

    And ya'all should by now, know exactly what total immunity from all consequences of one's actions lead to.

    If not, look no further than the CIA, FBI, NSA, NYPD, and all the other so-called public-servants of the USG, who are now laws unto them-selves, answering only to... well.... not you, that's for sure.

    If you're having difficulty still, you might want to simply see this new executive order as the declaration of the War on Hackers, which will now be waged like the War on Drugs, and the War on Terror.... that is, forever and on your dime.

    ---

    reply to this | link to this | view in chronology ]

  • identicon
    Isabelle, 3 Apr 2015 @ 10:31am

    For a non american Citizen

    Since the rest of the world is under costant cyberattack from the USA, this law rather seems like a provocation. I guess a war somewhere not on US Soil would come in handy, wouldn't it?

    reply to this | link to this | view in chronology ]

  • identicon
    John B, 4 Apr 2015 @ 4:16am

    a new purse

    75% of the drug war victory (read: profit) was from marijuana-related forfeiture, and two things are happening. 1) Forfeiture from unproven charges and suspicions are getting nixed finally. Only persons proven of committing crimes will be able to be, robbed and 2) Marijuana enforcement is going the way of the dodo and the laws are right behind it.

    This EO is the govt's replacement purse. Simple as that.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.