If Laos wants to be taken off the list of permitted targets then it can crack down on fraud. They have effectively allowed digital privateering against us by failing to crack down on fraud.

https://www.theguardian.com/technology/2025/dec/02/scam-stat...

- you don't know "who" you hit. The case in TFA is still rather simple (just send the "hack" as the response), but you will still most likely hit some residential proxy and nuke some random person instead of the responsible actor - (this is not too related to TFA but a point in discussions about hack-backs on a state-actor level) unless you're doing a very simple "attack", you need to have some sort of vuln ready to perform any kind of hack-back. Which leaves the ethical dilemma that actors are now motivated to keep vulnerabilities available, thus making the world more unsafe. And once you have used your vulnerability, your "enemy" probably knows it as well.

What about security researchers scanning for their research? What about scanners that notify you?

Its a bit trigger happy and I do something like change VPN, with my session, and it looks like I'm trying to probe with multiple IPs.

Boom, my devices all fall apart and my internet is offline until they stop DOS'ing me