On North Korea, Obama Leads From Behind

On November 24, the news broke that Sony Pictures’ computer system had been hacked. Today, 25 days later, President Obama finally addressed the issue in one of his rare press conferences. In the meantime, Sony had already announced that it is killing the movie that was the apparent cause of the intrusion, “The Interview;” showings of another film, “Team America,” had been canceled, and production of a third film that referenced North Korea was canceled. This is what Obama had to say:

Q. North Korea seems to be the biggest topic today. What does a proportional response look like and did Sony make the right decision in pulling the movie, or does that set a dangerous precedent?

A. Let me address the second question first. Sony is a corporation. It suffered significant damage. There were threats made against its employees. I am sympathetic to the concerns they faced. Having said all that, yes, I think they made a mistake.

Knuckling under to terrorists, Obama said, is not the American way:

We cannot have a society in which some dictator starts imposing censorship here in the United States. Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary they don’t like or news reports they don’t like. Or even worse, imagine if producers and distributors and others start to engage in self-censorship because they don’t want to offend the sensibilities of somebody whose sensibilities probably need to be offended. That’s not who we are. That’s not what America is about.

No one can listen to this without thinking about Benghazi. About how Obama and Hillary Clinton blamed a well-organized attack by terrorists armed with mortars on a YouTube video that no one saw, and then arrested the video maker. And about how taxpayers then paid for excruciating advertisements, played in Pakistan, where Clinton apologized for the otherwise-unknown video. That’s our Barry, the tireless defender of free speech! And if North Korea’s attempt to censor Sony is such an obvious affront to our democracy, then where has our president been for the last 25 days, while Sony has been twisting in the wind?

So, according to Obama, Sony made a mistake. What was it?

Again, I am sympathetic that Sony has worries about liability. I wish they had spoken to me first. I would’ve told them do not get into a pattern in which you’re intimidated by these kinds of criminal attacks.

Right. The idea that anyone would turn to Barack Obama for inspiration to stand up to terrorists is laughable. But, in any event, if Obama is so eager to preserve the American way of life, why does he have to wait for the phone to ring? Why couldn’t he call Sony’s CEO and tell him not to cave in to the North Koreans–don’t worry, the government has your back?

Not only did Obama not do any such thing, Sony’s CEO promptly told reporters that his company did, in fact, reach out to the White House:

[Sony Pictures CEO Michael] Lynton reacted to Obama’s comment that he wished Sony had reached out to them. “We definitely spoke to a senior advisor in the White House to talk about the situation. The fact is, did we talk to the president himself? … The White House was certainly aware of the situation.”

That they didn’t connect with the president is not surprising. It has been obvious for a long time that there is no one home at the White House.

This whole episode is a classic example of Obama’s leading from behind. He lies low for nearly a month and is nowhere in sight when Americans, attacked by a foreign power, come looking for help. Isn’t this why we have a federal government? Then, when the dust has settled, Obama emerges from his hideout and points the finger of blame at others.

As for the “proportional response,” Obama offered no clue as to what it might be:

They caused a lot of damage, and we will respond. We will respond proportionally and in a place and time and manner that we choose. It is not something I will announce here today at a press conference.

We can only hope. But retaliation doesn’t seem to be in the forefront of Obama’s thinking. He continued:

More broadly, though, this should be cause to work with the international community to start setting up some very clear rules of the road in terms of how the internet and cyber operates. Right now, it is the Wild West.

Working with the “international community” to increase regulation of the internet–now there is something Obama can get excited about! I hope I am wrong, but I suspect the North Koreans won’t need to lie awake at night, worrying about Obama’s proportional response.

And, needless to say, no reporter asked whether it was the North Koreans, the Russians or someone else who hacked into the White House’s own computer system just two months ago.

On the Sony hack, a CTO speaks

Reader Jonathan F. writes in response to John’s post on our pathetic response to the Sony hack. Having worked in IT since 1996, Jonathan is the Chief Technology Officer at his company. He has been involved in the security side of IT at least part time since 2000. He is a Certified Information Systems Security Professional, the certification bestowed by (ISC)². He also has a CompTIA Security+ certification. His responsibilities include cybersecurity for his company and, as a contractor, for some government projects. He is therefore focused on the defense side of cybersecurity. I think his comments add context to events in the headlines that is worthy of consideration. He writes:

You raised a lot of questions in your post. Most of your questions can be summed up as “How bad is the cybersecurity situation?” and “What are we doing to prevent these attacks?” I am not going to delve into the political aspects of the “proportionate” response. I will leave that up to you.

The answer to the first question is as depressing as it is easy. We are under pervasive and constant attack. According to GAO testimony to Congress in April this year (GAO-14-487T), there were 61,214 cyber incidents, of which 46,160 were deemed cyberattacks (GAO-14-354). The remaining were not considered cyber-attacks. For instance, losing a PC would be an “incident,” but not an “attack.” Note that these are only the incidents that were noticed and reported to the government for tracking. Some incidents are unreported and others are unknown. So, these numbers are considerably lower than reality. Additionally, per the same reports, the attacks are rapidly increasing in number, rising over 100 percent between 2009 and 2013.

As for what we are doing, the answer to that question is more complicated. It also is somewhat depressing. The simple fact is, we can harden networks against most attacks, especially the amateur script-kiddies, but a really determined professional attacker likely will find a way in. To really secure your network, you need to disconnect from the Internet. Unfortunately, this isn’t an option for most entities.

Due to the above reality, really critical infrastructure (like nuclear power plants) is supposed to be completely disconnected from the Internet. I worked for a power company for several years and from personal experience I can tell you that they took this very seriously. I can also tell you that it is very easy to run a cable from one network switch to another and that this can be very hard to spot. In other words, while they are not supposed to have any critical infrastructure on the Internet, and there is a real effort to ensure this is the case, accidents can (and do) happen.

This Sony hack has been widely reported as the “first cyberwar,” which we have supposedly lost. This is utter nonsense. Has everyone already forgotten Stuxnet and Iran? You mentioned the Executive Office hack and Target. This is merely one more skirmish, one which was dealt with very poorly (or pathetically, as you suggest). Everything I have read about the Sony hack leads me to believe that they did not take security very seriously to start with, and they responded poorly. It’s always easy to be an armchair quarterback, especially with little information, so I will refrain from saying more about that.

The truth is that the black hats are winning right now. The white hats are playing a defensive game. We do what we can, but mostly it is monitoring the networks to hope we spot something in time. If we don’t, things like Target and Sony happen. Things like the White House attack (and thousands of others you are not even aware of) happen. For instance, did you know that 48,000 Federal employees recently had their information stolen?

Anti-virus software is no longer nearly as effective as it used to be. Why? Malware writers now have their programs modify themselves when they install. This means that the old method of running a static check (usually using something called an MD5 checksum) no longer works. It’s like a bank robber wearing a disguise – if it’s good, no one can tell the real identity of the perpetrator. While heuristic algorithms that can see through this disguise have been developed, they are still a few steps behind and tend to turn up false positives.

The Federal Government is better at cyber-security than most private enterprises, but even they admit that they are not well prepared for a full-scale cyber-attack. I recommend reading the entire article, as it is not technical, and provides some additional insights into the preparedness of our government for similar attacks. It also contains this gem, which I find very interesting in light of the whole Lois Lerner lost emails farce: “Federal auditors have uncovered one bright spot in resiliency — at the Internal Revenue Service. The tax agency has processes in place to recover data, including up-to-date contingency plans it has rehearsed, according to an April Government Accountability Office report.”

As for your questions about how the White House and State department tried to suppress information on the breach in November, it probably wasn’t just politics. Indeed, it is easy to argue that it wasn’t even primarily politics. It is a good method for handling breaches like that, especially when you are able to glean useful information from them – or feed false information to the attackers. When a security breach happens, and is caught, a good practice is to isolate the breach, and then carefully monitor the hackers, their tools, and their methodologies. Then, when you have the information you want, you close it down.

If you suspect that the attackers are politically motivated (e.g., foreign government, espionage, etc.), you can also feed them false data, effectively turning your breach into a sort of double agent. It is also possible to present vast quantities of worthless information, thus slowing the hackers down. Their search goes from “needle in a haystack” to “sand grain in the Sahara.”

This article presents more information on the rationale behind delayed (or very subdued) reporting of incidents, and how they can be used against the attackers. It is presented in non-technical language, and provides a good overview of the issues involved in the decision of whether and when to go public with breach information.

I trust that other knowledgeable readers will weigh in in the comments.

In Today’s Mailbag. . .

Oh goody—a new journal dedicated to the holy trinity of race, class, and gender, because I’m sure there’s a shortage of outlets for scholarship in this field.  Here, in full, is an email communication I received today:

Dear Steven Hayward:

We are thrilled to announce that the Journal of Race, Ethnicity, and Politics (JREP) is now open for submissions and review! This moment has been years in the making, and is particularly meaningful as the REP section of APSA approaches its 20th anniversary.

Please find more information about the journal below. We encourage you to send your best work to JREP, and we very much appreciate your timely responses to review requests.

For future use, your user name is S——— and your password is ———–.

Thanks, and happy holidays!

The editorial team of JREP

Karthick Ramakrishnan, UC Riverside

Michael Javen Fortner, CUNY Graduate Center

Michael Jones-Correa, Cornell University

Sheryl Lightfoot, University of British Columbia

Dara Z. Strolovitch, Princeton University

Email contact: repjournal@gmail.com


Journal of Race, Ethnicity, and Politics (JREP) is the official journal of the Race, Ethnicity, and Politics section of the American Political Science Association. JREP highlights critical and timely research into the multiple junctures between politics and issues of race, ethnicity, immigration, and indigeneity, as well as their intersections with other axes of identity and marginalization. The journal publishes work that broadly focuses on racial and ethnic politics, from scholars across all subfields of political science and allied disciplines. The key distinguishing feature of the journal is its focus on politics, whether in a single country, across countries, or transnationally.

JREP is open with respect to areas of substantive focus, with methods and approaches ranging The journal will also provide opportunities for enhanced academic engagement, including a guest column section featuring perspectives from practitioners in political and policy worlds, specialized symposia on timely topics, and blog postings and media engagement by authors, reviewers, and editors.


Instructions for contributors can be found on the JREP website.


A reminder that we have also launched an official blog for the journal, Politics of Color (http://politicsofcolor.com/), featuring commentary and reflections by scholars of race, ethnicity, and politics.

If you are interested in submitting a piece, please read our submission guidelines (http://politicsofcolor.com/submission/).

As Squidward likes to say on SpongeBob SquarePants, “Would that just be the best day ever?!” I know I can’t wait to dig in.


JOHN adds: Sick. Utterly sick. Where does the money for this sort of BS come from?


This has to be a gag, right?  (If not, I’m going to start a gang immediately, which I’ll call the “Fink-Nottle Newt-sters.”)

You’ve probably already heard about “Wodehousing,” a disturbing trend in which teenagers videotape themselves covering strangers’ homes with the full text of P.G. Wodehouse novels. . .

In case you need a bracer, though, here are some basic facts about the illegal new craze:

1. P.G. Wodehouse did not invent “Wodehousing”
Though the British author was an eminent jokester and wit, his pranks never included writing the entirety of his novels sentence-by-sentence on unsuspecting neighbors’ homes. The first documented instance of “Wodehousing” occurred in New Jersey in 2011.

2. Cleaning up after getting “Wodehoused” takes hours
Scrawling the entirety of Wodehouse’s 1938 book The Code Of The Woosters on someone’s house might seem like fun to the teens doing it, but to homeowners it’s anything but. It can take hours and cost hundreds of dollars to scrub away passages describing (often in spray paint!) the buffoonery of Bertie Wooster and his quick-thinking butler, Jeeves.

3. Three teens have died while “Wodehousing”
Two of them slipped while trying to “Wodehouse” a residence that overlooked a sheer cliff face. A third teen was struck by a drunk driver who’d accidentally veered onto the lawn of the home she and her friends were “Wodehousing.”

4. “Wodehousing” always involves a P.G. Wodehouse novel
Defacing someone’s walls with one of Wodehouse’s short stories (or short story collections) is considered a lesser form of “Wodehousing.” Works by Wodehouse contemporaries such as James Thurber and Raymond Chandler are similarly looked down on.

5. “Wodehousing” can happen to anyone
Even if you live in a typically “safe” neighborhood, you may be at risk of being “Wodehoused.” Be alert and on the lookout for groups of teenagers, usually Caucasian and dressed in tweed jackets and bowler hats, walking at night carrying stationery along with one or more copies of a P.G. Wodehouse novel. Report such activity to your local police immediately.


Pinker Steps Up Against Harvard Anti-Israel BDS

Paul wrote yesterday about the mendacity of the Israel BDS (“Boycott, Divest, Sanctions”) movement at Harvard, where the presence of a water dispenser made by an Israeli-based company in Harvard dining halls was called a “microaggression” by the permanently aggrieved.

Late yesterday the widely noted psychologist Steven Pinker stepped up, writing to Harvard’s president Drew Faust and provost Alan Garber to protest in the strongest possible terms against capitulating to the mob on this issue. I’ve never known exactly what to make of Pinker, who is a liberal of some stripe. I’ve liked some of his work when I read it (especially parts of his book The Better Angels of Our Nature); other times, not so much. But here he deserves our three cheers.

Here are the best two paragraphs:

Equally foreign to the mission of a university is the idea that students are to be protected from “discomfort” or so-called “microaggression” when they are exposed to beliefs that differ from theirs, or when the university does not accede to demands that it prosecute their moral and political crusades. Discomfort is another word for tolerance. It is the price we pay for living in a democracy and participating in the open exchange of ideas.

Middle East politics above all is a subject on which thoughtful people disagree; it is certainly not one on which a university should decree the correct position. While I am sympathetic with many of the students’ objections to the current policies of the Israeli government, I object even more strongly to the policies of the governments of countries such as Russia, India, Pakistan, China, Turkey, and Saudi Arabia. In a world filled with governments with deplorable policies, it is pernicious for a university to single out one of them for opprobrium.

You can download a PDF of the whole letter here. And here’s a facsimile for readers with really good eyesight:


Where Did the Jobs Go?

Somewhat remarkably, given that it has presided over the worst recovery–by far–of the post-war era, the Obama administration tries to slice and dice employment numbers to portray itself as a champion of job creation. There are, indeed, a few more jobs today than there were six years ago. Yet for most Americans, the employment scene has gotten worse, not better. Why is that?

Senate Budget Committee staff offer data in explanation:

According to BLS data, in November of 2007 there were 23.1 million foreign workers in the United States with jobs. Today, the BLS reports, there are 25.1 million foreign workers in the United States with jobs – meaning 2 million jobs, on net, have gone to foreign workers since the recession. By contrast, BLS reports there were 124 million American-born workers with jobs in November of 2007 but only 122.5 million American-born workers with jobs today – a decline of 1.5 million for American workers.

Think about this: despite American workers accounting for 70 percent of all population growth among adults, they received, on net, none of the post-recession jobs gains. As a result, there are 11 million more American workers outside the labor force today than 7 years ago. So, despite the trillions spent, the enormous interventions, the years spent trying to climb out of the economic doldrums, the total number of American workers who are employed today is 1.5 million less than at this time in 2007. All employment growth during this time went to foreign labor imported from abroad at less cost.

This is not an inexplicable phenomenon but the plain result of Washington policy: each year the U.S. admits 1 million permanent immigrants (overwhelmingly low-wage) in addition to 700,000 foreign guest workers, 500,000 foreign students, and 70,000 refugees and asylees. The number of foreign-born has quadrupled since 1970. During that same time, the NYT reports: “More than 16 percent of men between the ages of 25 and 54 are not working, up from 5 percent in the late 1960s; 30 percent of women in this age group are not working, up from 25 percent in the late 1990s. For those who are working, wage growth has been weak, while corporate profits have surged.”

Here are the BLS data. You can check the numbers for yourself; click to enlarge:


So Far, Response to Sony Hack Is Pathetic

North Korea, we are told, hacked into Sony Pictures’ computer system. The hackers made off with a vast number of emails, brought film production to a halt by disrupting Sony’s ability to pay bills, and stole passcodes governing entry into the studio’s headquarters so that employees had to line up to gain admission, one by one. The hackers then caused two movies to be withdrawn from circulation by threatening terrorist attacks on theaters, almost certainly an empty threat. In response to these acts of war–if it really was North Korea–our newspapers carried on gleefully about whether Angelina Jolie really is a moron, and whether it is “racist” to speculate in childish fashion about whether Barack Obama likes movies featuring black characters.

I would say that the administration’s response was equally lame, except that so far there hasn’t been one. White House spokesman Josh Earnest, who is ineffective on his best days, was asked about the Sony matter. Here is the exchange:

Earnest says that “this is something that’s been treated as a serious national security matter.” Not so far, it hasn’t been. This concerns me, too: “[T]hey would be mindful of the fact that we need a proportional response and also mindful of the fact that sophisticated actors when they carry out actions like this are often times, not always, but often, seeking to provoke a response from the United States of America.” I never understand the concept of a proportional response. What are we going to do, knock out part of North Korea’s film industry? The response to any terrorist act should not be proportionate, but rather, should be massive enough to deter any future actor from even considering doing anything similar.

The striking thing about the Sony attack is how much worse it could have been. The film industry is relatively unimportant. What if North Korea, or some other adversary, carried out a similar attack against J.P. Morgan Chase, Bank of America, Citigroup and so on? They could bring America’s banking system to its knees. Or how about hacking into the computer systems of America’s utilities? Could a hostile regime turn off power to homes in the northern U.S. in mid-winter? Or maybe a hacker could disrupt the traffic lights in a major American city, and bring traffic to a standstill. The possibilities are endless. And North Korea is by no means the last word in computer expertise. The Chinese have state of the art technological capacity. Russia is a basket case in many ways, but software is like chess and Russians are great at it.

Was Sony Pictures’ computer system uniquely inadequate and therefore vulnerable to intrusion? I haven’t heard anyone say that. It appears that many companies could be vulnerable to similar attacks; indeed, as we have recently seen, major retailers have been vulnerable to hackers who sought profit rather than disruption. But the potential for disruption is the national security threat.

And if companies are vulnerable, then how about government agencies? What if North Korea hacked into the White House’s or State Department’s computers?

Maybe they already have. In October, we wrote here, here, here and here about a mysterious intrusion that brought down computers in the Executive Office of the President (which includes the White House and much more) and the State Department. The Obama administration was close-mouthed about the incident and refused our several requests for comment. Despite our efforts, the story was barely covered in the press, and disappeared without a trace. To my knowledge, no one has ever reported on the source of the intrusion or the cause of the outage.

It seems likely that the Obama administration wanted to suppress the story, which threatened to break days before the midterm elections. News of a hostile power invading the White House’s own computer system, if that is what happened, or may have happened, would have reinforced the perception that the Obama administration is weak. It is easy to imagine the press staying away from the story on political grounds. So, for all we know, the North Koreans–or the Russians, the Chinese, or some independent group–may already have carried out a highly destructive attack on the federal government’s computer system.

Be that as it may, the central questions arising out of the Sony Pictures story are 1) how widespread is the vulnerability to sophisticated hackers among corporations and government agencies, and 2) what can be done to secure our systems so that catastrophic attacks do not take place in the future? President Obama is scheduled to give a speech on several topics, including the Sony hack, later today. It will be interesting to see whether he addresses these questions, and if so, how.