This whitepaper introduces the Offensive Countermeasures. The Offensive Countermeasures is a security strategy that creates consequences for the attackers who hack our computers. We hold the tenet that if resources are not spent on tracking and disrupting the attackers, then we are, by omission, allowing them to try new ways to breach our defences and to come back later to steal even more from us.
At a high-level, the Offensive Countermeasures consists of a wide range of power instruments such as: negotiation, psychological warfare, cyberwarfare, economic warfare, information warfare and prosecution.
We’re showcasing an anonymised case study where our company used Offensive Countermeasure tactics to discover the individuals behind ongoing attack campaigns against one of our clients. We confirmed the identities of the adversaries using GPS tracking and social engineering techniques. In the end, we issued them a cease and desist letter with an expressed threat that legal and law enforcement actions would be taken if the attacks did not stop immediately. The Offensive Countermeasures aimed to stop their ongoing attack campaigns, and stop they did.
A common misconception about the Offensive Countermeasures is that it consists of illegally hacking back the hackers. In our case study, however, we show that none of the tactics employed were illegal. Furthermore, it cost our client significantly less to employ Offensive Countermeasures than investing in hiring more IT security personnel or purchasing new security technologies that most likely would have proven ineffective against a persistent adversary.
Therefore, we conclude that until worthwhile consequences are imposed by defenders and law enforcement onto the adversaries, computer hacking will continue.