by antonymoose 89 days ago
This already exists to some degree. It’s the “Brand Protection” industry and they’ve been doing it for years. Our clients were all Blue Chips that need additional help and/or want plausible deniability.

Having worked in the space, the normal flow would look something like:

1. Random WordPress blog is hacked, hosts a fake iCloud page, that is linked to in phishing emails.
2. We find it, either by direct reporting or by our internet crawling.
3. We reach out to the hacked company, their hosting provider, and their DNS. The goal being to take this site offline no matter how.

This worked for the vast majority of hacks. Some random plumbing company has no clue their marketing site is compromised and happily works with us. Or maybe they host at GoDaddy and we have a privileged relationship with them and they disabled the site. Last resort the DNS company will just delete their records.

Sometimes, though, we get a compromised site on a host in a foreign land that won’t cooperate. Then what? Well, it’s a legal grey area that our in-house counsel felt was perfectly fine: hack the site and take it down the hard way. We didn’t advertise or document when we did this. It was an open secret inside the company, however.

All this does is legitimize the sadly necessary work we face in a modern world.