Rep. Mike Rogers, On His Way Out Of Congress, Slams Obama For Not Launching Premature Cyberwar Against North Korea
from the and-for-not-giving-his-precious-nsa-your-data dept
Rep. Mike Rogers is just about out of Congress, but the NSA's biggest defender (despite his supposed role in "overseeing" the agency) is using his last days on Capitol Hill to keep pushing his favorite causes. Over the weekend, he complained that President Obama basically should have gone to "cyberwar" with North Korea over the Sony hack.“Unfortunately, he’s laid out a little of the playbook,” Rogers said. “That press conference should have been here are the actions.” ...And I can tell you that Mike Rogers is full of bluster with little basis. First off, there is still some fairly strong skepticism in the actual computer security field that North Korea was behind the hack. Launching an all out attack without more proof would seem premature. Second, Rogers is simply wrong or clueless. We don't have the capability to "cripple" anyone's "cyberattack capabilities" unless he means taking out the entire internet. There are always ways around that. Even the reports that we've seen that do blame North Korea don't seem to think the full attack came from North Korea, so doing something like taking the few internet connections in North Korea off the map wouldn't do much good if the actual attack came from, say, China or Eastern Europe or somewhere else.
Without discussing specifics, Rogers said the U.S. has the capability to cripple North Korea’s cyberattack capabilities, which have been rapidly improving over the last few years.
“I can tell you we have the capability to make this very difficult for them in the future,” he said.
Third, can we just get over this ridiculous idea that a hack of one company, which may or may not have been by actors working for a government, is an act of either "terrorism" or "war." It's not. It's a hack. Tons of companies get hacked every day. Some have good security and still get hacked. Some, like Sony, appear to have terrible security and get hacked very easily. It's not terrorism. It's not war. It's a hack. We shouldn't be talking about retaliation or destroying countries over a hack. We should be talking about better security. Jim Harper does a good job explaining why an overreaction is a bad idea:
The greatest risk in all this is that loose talk of terrorism and “cyberwar” lead nations closer to actual war. Having failed to secure its systems, Sony has certainly lost a lot of money and reputation, but for actual damage to life and limb, you ain’t seen nothing like real war. It is not within well-drawn boundaries of U.S. national security interests to avenge wrongs to U.S. subsidiaries of Japanese corporations. Governments in the United States should respond to the Sony hack with nothing more than ordinary policing and diplomacy.But, no, not Mike Rogers. Instead, he's using this as his opportunity to push for his favorite bad law: giving the NSA more power to sift through your data:
Rogers, who is retiring from Congress in just a few days, made a final plug for his bill to facilitate cybersecurity information sharing between the private sector and National Security Agency (NSA). The measure passed the House, but stalled in the Senate, held up by privacy concerns.He's talking, of course, about his beloved CISPA, which would effectively remove any liability from companies for sharing your private data with the NSA (and the rest of the government). But, as per usual with Rogers, he's wrong about nearly all of the details. There is nothing in CISPA that would have made it so the NSA could have "protected" Sony. Sony's problem here was Sony's terrible computer security. So, no, we don't need CISPA or other cybersecurity legislation to better protect the internet.
It’s necessary, Rogers argued, if the U.S. wants to protect itself from similar attacks in the future. Because of laws on the books, the NSA is limited in its ability to protect private critical infrastructure networks.
“This isn’t about reading your email, it’s about reading malicious source code,” Rogers said.
And is Mike Rogers really trying to argue that Sony's private intranet is "critical infrastructure"?
Finally, there's nothing in the law today that stops a company from sharing "malicious source code" with the government or others. We already have a good way for dealing with that that doesn't require a new law that gives the NSA more access to everyone's data.
Either way, it looks like Rogers is going out in typical fashion -- shooting his mouth off in favor of his friends and pet projects, without actually understanding or caring about the details. No wonder he's going into AM talk radio. He'll be a perfect fit.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cispa, cyber terrorism, cyberwar, exaggerations, mike rogers, north korea, sony hack, terrorism, war
Reader Comments
Subscribe: RSS
View by: Time | Thread
Nothing in the law?
Ahem. Except perhaps copyright. Even if it's malicious, it's still covered by copyright... I'm waiting for the day one of these hackers comes forth and claims statutory damages from reverse-engineered malware.
[ link to this | view in chronology ]
Re: Nothing in the law?
[ link to this | view in chronology ]
Re: Re: Nothing in the law?
IANAL, but I am pretty sure the federal government cannot be sued unless the federal government allows someone to sue them, and there is a very limited number of reasons the government can be sued.
A person claiming copyright on malware would have to submit their complaint within three years to the United States Court of Federal Claims. I suspect that would seriously cut back the number of claimants.
[ link to this | view in chronology ]
Re: Re: Re: Nothing in the law?
[ link to this | view in chronology ]
Re: Re: Re: Re: Nothing in the law?
Yeah, but that party probably wouldn't have as much money as the government. In tort lawsuits, you don't sue the person who did you wrong...you sue the one that has the deepest pockets, right?
Besides, it may be extremely difficult figuring out what party gave the government the malware, considering the anonymity and secrecy of the process. You'd have to deal with FOIA and/or suing the agency to get the name of the party that gave the government the malware. I believe an active/ongoing legal investigation and/or national security are valid reasons to reject a FOIA request.
[ link to this | view in chronology ]
True, but how many hacks are accompanied with threats of physical violence against innocent persons?
Clearly you do not like Rogers, but that is no good reason to take his comments and present them with a spin that does not reflect the context of what was actually said. You are sounding much, much more like an partisan advocate than a journalist.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
This looks for all the world like Rogers (and, presumably, the cadre he runs around with) looking for any possible excuse to get into a war.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
So, yes, I think it is reasonable to read into those comments a negative outcome.
[ link to this | view in chronology ]
Re:
This is a private company that was hacked and nothing more. the rest is just empty threats unless there is some kind of evidence to the contrary.
Masnick may have a beef with Rodgers, but his article is on point.
[ link to this | view in chronology ]
Re:
If we're talking about totally bullshit, almost certainly without the capability to back it up, threats associated with hacks? An awful lot.
Clearly you do not like Rogers, but that is no good reason to take his comments and present them with a spin that does not reflect the context of what was actually said.
Feel free to put them back into context, because I'm pretty sure I've accurately represented them.
[ link to this | view in chronology ]
Re: Re:
As for accuracy, perhaps you can point to something said by Rogers that openly advocated for a "cyber war". I could find any such comment. I did read a comment by him critical of "proportionate response", but anyone who has followed international issues of late understands it is a term that has been used in the past to express anger with no subsequent overt act to hold the wrongdoer accountable in any meaningful manner.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Personally, I certainly would have. The only thing more stupid than the threats was than anyone paid attention to them at all.
[ link to this | view in chronology ]
Re: Re: Re:
I for one absolutely would have played the movie. This is supposed to be the land of the free and home of the brave.
Unfortunately, it seems to be neither.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Nobody believes you, Slonecker. It's obvious you're really just in it to rag on Masnick.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
If that's truly the case, then the entire security theater we're spending ridiculous amounts of money on SUCKS, and everyone involved needs to be fired for gross incompetence.
I go back to my original comment - this is CLEARLY not the land of the free and home of the brave if you're so ready to let North Korea dictate what we can and cannot show in theaters.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
It would appear that many theater owners disagree with you. And they do own theaters. A few examples:
http://www.vox.com/2014/12/23/7441153/alamo-drafthouse-interview
http://www.theguardian.com/ books/2014/dec/22/george-rr-martin-the-interview-sony-pictures-hack-north-korea
http://variety.com/20 14/film/news/the-interview-christmas-day-screenings-new-release-1201386144/
http://adage.com/article/ media/independent-theaters-offer-show-sony-s-interview/296407/
Of course, getting you to admit that you were full of shit will never happen, because it never does. As always, you put in enough weasel words to weasel your way out of being proven wrong, so go ahead, weasel away about how you never said what you clearly implied.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
“Sony Pictures CEO Michael Lynton 'We did not cave' ”, CNN, Dec 21, 2014
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Now please feel free to cite in yet another invective-laden comment more articles that did not exist at the time I happened to first comment.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Tell me, did it hurt your back to move those goalposts all by yourself?
Now please feel free to cite in yet another invective-laden comment more articles that did not exist at the time I happened to first comment.
Actually, both Tim League and George RR Martin had made their comments wishing to show the movie prior to your comments, but I don't expect you to bother with facts as you dig deeper into the muck insisting that you were right when, in fact, you were wrong.
Do you ever get tired of playing this game. Just once, it would be grand for you to admit being wrong so frequently in your attempts to discredit us.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
“I say to Creighton Sahib, ‘This is not a lawsuit, that we go about to collect evidence.’ ” ——Hurree Chunder Mookerjee
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
Says the guy who REGULARLY makes assertions of fact that turn out to be flat out wrong. Including in this thread.
Don't make me laugh.
[ link to this | view in chronology ]
Re: Re: Re:
Says you based on what numbers/evidence?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Importantly, my comment was directed to a comment by the author of this article. It is such an easy thing to say without equivocation what one would do when one is not in a position where their neck is on the line, legally or otherwise. An honest answer would have been "I likely would have shown it had I had a copy of the film in hand, but to be honest I do not have all the relevant information in hand that would let me assess the pros and cons of showing the film for my customers and my business." Yes, this is not a utopian ideal answer. It is, however, a reality of competing interests that every business owner must consider.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I actually think that we do have all the relevant information to assess the pros and cons. I would have shown the movie, and I think that the theaters that balked are not only cowardly, but engaged in yet another small act of degradation of our society.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
No, what you have is a personal opinion that reflects a utopian ideal. This does not mean your opinion is without merit, but only that criticizing others who apparently did not act in accordance with your opinion is not good form.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
"No, what you have is a personal opinion that reflects a utopian ideal."
A personal opinion, certainly. A utopian ideal, not even close.
"that criticizing others who apparently did not act in accordance with your opinion is not good form."
So if my opinion is that the theater operators are behaving in a cowardly fashion that is counter to the public interest, it's bad form to speak that opinion? That's an interesting perspective.
[ link to this | view in chronology ]
OMG! Cyberattack
(H/T “North Korea's internet appears to be under mass cyber attack”, by Max Fisher, Vox, Dec 22, 2014)
[ link to this | view in chronology ]
The war to end all wars was fought twice.
The war on drugs has done nothing but enrich a few.
The war on terror has shown that we can be worse than those we call terrorist.
A cyberwar will do nothing but funnel more money and resources into something endless that will serve no actual purpose. It will escalate from tit for tat, until someone decides that isn't enough and there must be blood shed to prove they are the best.
He is a moron, he will not be missed. His desire for a more fearful populace beholden to the snake oil saviors, paying them protection money for the magic rock that repels tigers, made the entire world worse off. He is a prime example of someone more beholden to corporate bottom lines than representing those who elected him to make their lives better. He would burn allow the public to be crushed in his rush to shovel more money into the corporate coffers.
I look forward to seeing which corporate sponsor takes him on, so we can see how little it cost to subvert the ideals of a nation.
[ link to this | view in chronology ]
The revolution will not be televised.
Cyberwar is more like espionage than conventional warfare.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
What we call the First World War was billed as "the war to end all wars". Who called the Second World War a war to end all wars?
[ link to this | view in chronology ]
Re:
I accidentally a phrase in there. The mind, it moves faster than the hands.
And yes, I am angry.
I am angry that a loudmouth elected leader is so selfcentered that he has to push his pet project as being the be all end all of it.
Congress has done fuckall, beyond give themselves another entitlement for $1000 a month so they can ride in luxury, while people are homeless, starving, dying of illnesses, and a whole host of issues that they can't bring themselves to address because the soundbite looks bad... but have no problems blaming the poor for being poor and asking for help.
Meh war to end all wars, it sounded good at the time.
We have imprisoned more people to enrich corporations, society is falling apart as more and more people are funneled into jail.
[ link to this | view in chronology ]
Re: Re:
You should point your anger at the sheeple that put these idiots in office. They are the crooks.....Republicans, Democrats, all crooks...
Politicians in the U.S. are doing at least one of three things with your money at all times. 1. taking your money and giving it to corporate interests. 2. taking your money and giving it to someone less fortunate (preferably one registered to vote) 3. taking your money and putting it in their pocket.
Power corrupts, we say this all the time, but we never do anything about it. We've centralized the power base to a collection of politicians that can't get to where they are without either being corrupt, or being corruptible. Both the people and business demand it, an honest man doesn't stand a chance.
So basically, IMHO, you have two choices. You can either get rid of them (short term solution.. till the next crook shows up) or change the system so this stops happening... either way we get the Government we deserve.
[ link to this | view in chronology ]
Election fraud
The election fraud in USA is massive. And it have been a scam for a long time. Even the nomination elections is scams, with telepromted live results, slanting curves based on district size (to avoid a negative number of votes as result of the scam), and so on. They are not sheeple for voting stupid (though that is bad enough), they are sheeple because the entire election is just a joke.
Notice what happened when delegates from Maine discovered just how corrupt the RNC were ... nothing. And what happened when the earlier scam system produced negative votes ... nothing. And what happend when it were proved to be a systematic pattern ... nothing.
The population is played.
Much in the same way that it is played to not focus on attorney general Jim Hood and Sony/MPAA wrongdoings. It is enough to point at North Korea and they happily go brain-dead.
To take their democracy back the citizens must organize elections. Though in USA even post-polls meet resistance. So I predict the US populace do what they do best ... nothing. And perhaps pay Sony money to endure a movie so the perpetrators can have someone to laugh at.
[ link to this | view in chronology ]
- Mike Roger's Internal Monologue
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
SONY has terrible security, refuses to improve it, and practically invites crackers in.
Worse, Sony has committed massive numbers of rootkit attacks, on audio CDs played on computers, against Americans and others. If everybody whose computer was damaged by Sony, attacked in return, Sony could give up computers for ever.
War doesn't work well for the losers or the winners. Talking, no matter how inane, is a far better solution than destruction, maiming and death.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
“Graphic: North Korea’s Conventional Arms”, by Richard Johnson, Andrew Barr and Jonathon Rivait, National Post, April 10, 2013
[ link to this | view in chronology ]
Re: Re: Re:
North Korea not only has weapons and allies, they have ground based forces trained and disciplined under conditions that 1st world nation forces would not be able to function under.
South Korea left its capital within artillery range of NK -- possibly one of the stupidest strategic decisions since the invasions of Afghanistan by the USSR and the US.
A US Vet.
[ link to this | view in chronology ]
Re: Re: Re: Re:
True
But they may be lost because of stupidity. As in supporting the "opposition" in Syria and the "government" in Irak, in a common war zone where the "opposition" is the same.
And as USA have a history in the region things can turn badly unpredictably. A history with such things as spraying civilian population with napalm and white phosphorus, spraying rice fields with agent Orange, and so on.
Both the South- and North-Korea does a lot of posturing. The posturing will end if they believe the war has begun. This will be very bad.
To really point to the significance of this; this was the sole reason for the war between Soviet and Finland during the second world war. Leningrad (/St. Petersburg) is close to the Finnish border.
Soviet demanded control over sufficient territory to prevent shelling of Leningrad from Finland. Finland refused to cede any land at all and Soviet attacked as it desperately needed a buffer zone. This caused Finland to be allied with Nazi Germany, and Finnish Jews to fight alongside the Nazis.
The Finnish military never crossed into previous Soviet terretory but the Germans shelled and attacked Leningrad, and when the Germans lost, Soviet chose to not attack Finland again. If Soviet had not tried to prevent Leningrad to be shelled from Finland, it might not have been shelled!
The war also caused a lot of confusion about whom to consider the enemy in Scandinavia, as Norway were occupied by the Nazi, and Finland attacked by Soviet. People were considered war criminals for fighting on both sides! (Against Soviet in Finland, and with Soviet against the Nazi in Norway).
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
“State Dept. Says North Korea Should Pay Back Sony for Cyberattack”, by Pete Kasperowicz, The Blaze,Dec. 22, 2014
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
(H/T GovExec)
Extra tidbit, fwiw: NBC News earlier had a story with some unnamed government official denying that the U.S. had anything to do with the DPRK outage.
[ link to this | view in chronology ]
Hold on...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Communism was once China's highest ideal, while in the US it was democracy, capitalism and citizens' rights. They've apparently agreed to meet half-way at authoritarian capitalism.
The attack on Sony is an attack on the emerging political system of both countries.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
i assume everyone else at the station has agreed to take reductions in air time, so Rogers can say what he wants? i mean he wouldn't be able to in just a normal slot, would he!
[ link to this | view in chronology ]
You cannot attack what doesn't exist, so the joke is on you. hahaha.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
What I meant is, North Korea doesn't really have a "internet" to speak of.
So you can't launch a cyber attack on a non-existing network.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
DDoS
[ link to this | view in chronology ]
DDoS'em all and let God Sort Them Out
[ link to this | view in chronology ]
[ link to this | view in chronology ]
An alternative...
"You know guys, since we're pulling troops out of Iraq and Afghanistan, we have all these troops that we're using."
"And people are getting tired of hearing about ISIS, Putin, and Iran. Is there anyone else we can turn into a bad guy and rally behind?"
"How about Cuba? They've always been a good fall-back. But now Obama's making friends with them."
"Has anyone used North Korea recently? Bingo- our new boogeyman, out to destroy our freedoms with their cyberattacks on American companies!"
"Um, Sony is a Japanese company."
"Don't bother me with the details! Let's get this war started."
[ link to this | view in chronology ]
Or was it the same as with the Syrian gas attacks? Remember that they had "credible evidence" that they refused to share then a few months later it turned out to be bullshit.
[ link to this | view in chronology ]
Re:
“China reluctant to join U.S. in punishing North Korea over cyberattacks”, by Simon Denyer, Washington Post, Dec 23, 2014
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Because distributing even more information makes it easier to keep secrets?
Because hiring even more consultants to sift through information for NSA makes it easier to keep secrets?
Because by sharing any information with the private sector such as Sony, the information would be safe?
If USA really wanted to harm its opponents it should export Rogers!
[ link to this | view in chronology ]
Re:
bat shit crazy !
Facepalm
By sharing all your secrets, all your secrets is shared!
[ link to this | view in chronology ]
I'm throwing the BS flag on this one
When you've built an entire economy on the kind of rickety "security" infrastructure that Sony epitomizes, it would be unwise to engage an enemy which hasn't...since you are vastly more vulnerable than they are. Particularly if there's no proof on the table -- and thus far, there is ZERO PROOF -- that they're actually the ones behind it.
Note: any claim on North Korea's part that they did it still leaves us with zero proof. Any threats on North Korea's part still leave us with zero proof. They claim stuff and make threats six times before breakfast, often involving things everyone knows they didn't do and things they couldn't possibly do.
If Mike Rogers disagrees, then I, for one, am perfectly happy to see him strike a blow for freedom. Let him be given a uniform, a parachute, and a rifle, and air-dropped into North Korea. Go get 'em, tiger!
[ link to this | view in chronology ]
Re: I'm throwing the BS flag on this one
Especially as North Korea has a minimum use of the Internet, and the US has foolishly let large parts of its infrastructure be connected to the Internet.
[ link to this | view in chronology ]
Mike Rogers is an expert on hacks!!!
Takes one to know one.
[ link to this | view in chronology ]
DPRK Cyber Capabilities
This article links to an HP Security Briefing, “Profiling an enigma: The mystery of North Korea’s cyber threat landscape”, August 2014
[ link to this | view in chronology ]
Title
[ link to this | view in chronology ]
I'm loosing hope this Congress was going to be better than the last. They are all clueless.
[ link to this | view in chronology ]
No one is blaming Sony for having a hand in this with lax security even though they've had problems before.
That's equal to asking people to not think, not to figure out, not to challenge - which in my mind is more like a "cyber tryanny" which is far more frightening than any "terror attack" that a small poor country could do.
Somehow people in Congress have got to figure out this "internet-thing".
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Attribution
[ link to this | view in chronology ]
Re: Attribution
[ link to this | view in chronology ]
Re: Re: Attribution
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]