Offensive hacking: why western countries are reluctant

What is offensive hacking?

Offensive hacking, also called “hacking back” or “hackback”, is actively attacking adversaries’ computer systems. It can be carried out by states, organizations, or criminal groups. While defensive cybersecurity focuses on protecting and monitoring one’s own networks, offensive hacking aims to disrupt the source of an attack, gather information, or disable adversary systems.

Examples of offensive actions include penetrating servers to disable malware, destroying stolen data, or even shutting down infrastructure used to launch cyberattacks.

Why the reluctance in the West?

Although the technology is available, many Western countries and organizations are deliberately hesitant. There are several reasons for this:

  1. Legal limits – International law is unclear regarding the legality of hack-back operations. Attacks can quickly be seen as a violation of sovereignty or even an act of war.
  2. Escalation risk – An offensive hack could lead to retaliatory attacks, expanding or intensifying a conflict.
  3. Collateral damage – Digital attacks are often difficult to contain. An attack against a criminal’s server can also affect innocent third-party systems, such as cloud providers used by multiple customers.
  4. Ethics and reputation – Western democracies want to portray themselves as states that respect the rule of law and human rights. Offensive actions can clash with that image.
  5. Complexity and attribution – It’s often difficult to determine with certainty who is behind an attack. A botched hackback can affect innocent parties.

Examples of countries that use offensive hacking

  • United States – The US has one of the most advanced cybersecurity commands in the world. The U.S. Cyber Command regularly conducts offensive operations. A well-known example is Stuxnet (2010), a joint operation with Israel that sabotaged Iranian nuclear facilities. In 2018, the US announced that it was also using offensive hacking against Russian troll factories attempting to influence elections.
  • Israel – Israel is known for its extensive cyber capabilities. In addition to defensive measures, it also deploys offensive means, often targeting hostile states or groups in the Middle East. The collaboration with the US on Stuxnet is the most prominent example, but the company NSO Group – producer of the Pegasus spyware – also illustrates how Israeli technology enables offensive capabilities.
  • United Kingdom – The United Kingdom has explicitly stated through its National Cyber Force that it will conduct offensive cyber operations. Their goal: to digitally weaken hostile states, terrorists, and organized crime groups.

How the Netherlands deals with this

Since 2014, the Netherlands has had a Defense Cyber Command, which has both defensive and offensive cyber capabilities. However, the policy is cautious: offensive means are only deployed in very exceptional circumstances, for example, in the event of a (potential) military conflict.

Furthermore, the Dutch government emphasizes that hackback by private companies is prohibited. Only the state may use such means, and always under democratic control. The National Cyber Security Center (NCSC) and the Public Prosecution Service emphasize cooperation, information sharing, and the legal prosecution of cybercriminals, rather than digital retaliation.

How the EU deals with it

The European Union is opting for a multilateral and legal approach. Instead of offensive hacking by member states, the EU is focusing on:

  • Sanctions against states, companies or individuals responsible for cyberattacks (for example, against Russian and Chinese hackers).
  • International cooperation, such as through Europol’s European Cybercrime Centre (EC3).
  • Legislation and standards, including the NIS2 Directive, which obliges Member States to increase their cyber resilience.

The EU views offensive hacking primarily as a risk of escalation and undermining the international rule of law. Therefore, the emphasis is on diplomacy, economic pressure, and collective resilience.

Arguments for offensive hacking

  • Deterrence – Making it clear that attacks have consequences can discourage states or criminals.
  • Proactive protection – Disabling malware infrastructure can prevent future attacks.
  • Speed – In some cases, offensive action can provide protection faster than waiting for legal or diplomatic action.
  • Intelligence advantage – By breaking into hostile systems, valuable data and insights can be gathered.

Arguments against offensive hacking

  • International law – There is no clear legal basis, meaning hack-back operations take place in a gray area.
  • Unintentional damage – Digital attack tools can spread beyond their original target.
  • Escalation and retaliation – Every attack can lead to a counter-attack, further escalating the situation.
  • Democratic oversight – Offensive operations are often secret, leaving little room for parliamentary or public oversight.
  • Alternatives – Collaboration with the police, international partners and judicial instruments is often considered more effective and sustainable.

Conclusion

Offensive hacking remains a controversial tool in the digital world. Proponents see it as necessary to proactively combat attacks and deter adversaries. Opponents, however, point to the legal, ethical, and practical risks.

The Netherlands and the EU are opting for restraint and international cooperation. This approach aims to combat cyberattacks without the risk of uncontrolled escalation. Yet, the question remains: can a fully defensive posture provide sufficient protection in a world where cyberattacks are becoming increasingly complex and aggressive?
