Cyber Private Eyes Go After Hackers, Without Counterattacking

Striking back against hackers directly might be off limits but some former spies and cyber cops say that disrupting an attack in progress is a different story, as long as defenders follow the letter of the law. That often means persuading a hacker to give consent to access the computer or database being used in the suspected cyberattack, for instance by posing as a customer for stolen data.

Max Kelly,

the chief executive of security-services provider Redacted Inc., advocates proactively going after digital criminals. Businesses hire Redacted to manage their security, but the company can also take on hackers, he said.

Redacted’s employees, 60% of whom are former intelligence officers, will engage with cybercriminals such as ransomware operators, those offering his clients’ data for sale on the dark web, or serial online harassers, he said.

Mr. Kelly’s team builds a profile of the attackers by gathering information about them from the public internet and hidden hacker forums on the dark web. The investigators can often find out which hacking tools were used and where they were bought and can trace emails to identify a culprit, he said.

A direct confrontation often can be enough to get them to back off, said Mr. Kelly, who previously worked at the Federal Bureau of Investigation, the National Security Agency and

Facebook Inc.

“[The attackers] think they’re impervious and can’t be touched,” he said. “As soon as you come and poke at them, and they’re able to connect that to the activity they’re involved with, they disappear.”

The idea…