The plan was to hack the hackers. Cybercriminals had targeted a global bank’s customers with phishing emails to break into their accounts. The legal option—waiting for law enforcement to investigate and perhaps apprehend the hackers—would have taken too long. So the bank was willing to try something else, and a team of security consultants offered to strike back.
The idea, one member of the team said, “was full breach. Collect intel on suspects; who possibly had been caught [by the hackers’ attacks],” and then destroy any stolen data. The Daily Beast granted anonymity to the source, who worked with the hacking team on behalf of the bank, to discuss sensitive industry practices. They did not name the bank.
The bank’s team broke into the hackers’ infrastructure on a selection of overseas servers, and found a list of who exactly the attackers had phished, as well as clues on their location.