London-based plastic surgery clinic London Bridge Plastic Surgery (LBPS), which caters to high-profile celebrities, reportedly hacked back hacker group The Dark Overlord (TDO). In October, TDO hackers stole a massive trove of confidential photos from the plastic surgery clinic, threatening to leak them publicly. It appears that LBPS retaliated by attempting to hack the cybercriminals back, in efforts to gain some information about them.
The attack allegedly involved a malicious email sent to the hackers by LBPS chief surgeon Chris Inglefield, The Daily Beast reported. The email reportedly contained a file with no text, which when clicked was designed to grab TDO's IP address. However, TDO hackers reportedly claim that the attack was not successful in gaining any information about them.
"We've encountered a few petty, yet brazen, attempts to collect intelligence about us," a TDO member told The Daily Beast. "We confronted Christopher about his attempt to de-anonymize us, and he denied it vehemently. Although, we'll point out that this attempt was located on his user share of his own company's server. We punished Christopher accordingly."
It is still unclear, however, what form this "punishment" took. Last month, the hackers had threatened to publicly leak the stolen photos from LBPS, some of which they claimed, included pre and post-op photos of high-profile celebrities and members of unspecified royal families. However, no reports of such a leak have appeared yet.
"Any threat actor group worth their salt has built systems to safely interact with these attempts. While any attempt is concerning, it's extremely unlikely the potential client is sitting on an abundance of unknown exploits," the hackers told The Daily Beast. "In all cases, it amounts only to a fair bit of chuckling around the office."
TDO hackers have previously hacked and stolen data from a slew of Hollywood production houses as well as US-based hospitals. The group also recently shut down an entire school district threatening the staff and students with extremely graphic messages along with a ransom demand.
Hacking back against malicious cybercriminals is not yet the norm, although some tech firms have allegedly previously employed such counterattacks to defend and protect themselves. However, the legalities surrounding hack back attacks remain murky at best.
As of now, Britain and the US have no set legislation relating to hacking back. However, US lawmakers are now increasingly pushing for such counter attacks to be made legal, despite concerns raised by the infosec community. Former NSA director Keith Alexander told reporters that hacking back could "escalate conflict" and even possibly start wars, Motherboard reported.