Despite a recent report that suggests\u00a0businesses are increasingly engaging in cyber counter-attacks, I won't\u00a0believe it until I see more than anecdotal evidence. Here's why.\n\tAs\u00a0is the case with most\u00a0aspects of\u00a0business these days, the first issue is cost.\u00a0If a company doesn't already have a lot of "black hatters" on staff, it's either going to have to hire some or outsource the jobs. I intend\u00a0no offense to people (like my brother) in the security-for-hire business, but I have my doubts about this kind of contracting. Machiavelli described consultants like this:\n\t\n\t\t\u201cDisunited, ambitious, without discipline, unfaithful; gallant among friends, vile among enemies; no fear of God, no faith with men; and one defers ruin insofar as one defers the attack; and in peace you are despoiled by them, in war by the enemy.\u201d \n\n\tHe was referring specifically\u00a0to mercenaries, but I think the rule holds true.\n\tWhile contract law has come a long way since Niccolo\u2019s day,\u00a0such a scenario is akin to giving someone with a profit motive a \u201csend me to jail free\u201d card. Best case scenario there? A\u00a0major expose by the press and a knock on the door by one or more law enforcement agencies.\n\tAnd if a company\u00a0had to do this work\u00a0in house,\u00a0would it\u00a0really be prepared to build\u00a0its own war machine?\n\t\u201cDesigning, implementing and launching a successful cyberattack against a high value target (i.e. not Grandma's home computer) is a non-trivial task, requiring months or years of effort by highly specialized talent,\u201d according to Nate Kube, founder and CTO of Wurldtech Security Technologies.\n\tIf you believe offense is\u00a0the best defense then\u00a0these sort of attacks would be an ongoing expense. \u00a0\n\tNow let\u2019s assume\u00a0such an\u00a0attack is successful. A company would have to be absolutely dead-certain\u00a0it has\u00a0the right source of the attack. (Or it would have to be\u00a0run by\u00a0sociopaths who really don\u2019t care about anyone else.) Spoofing, masquerading and multi-national server hopping make it very easy for the innocent to\u00a0appear guilty.\n\tEven if\u00a0a\u00a0company could somehow get all\u00a0that right (and it doesn\u2019t turn out that\u00a0it's going up against the Russian or Chinese governments) it would have to be ready for an attack to boomerang.\n\t\u201cContainment of an attack is next to impossible,\u201d says Kube. \u201cMore commonly either the attack gets into the wild accidentally and damages the originator too like Stuxnet did; or a target discovers the attack and repurposes it for its own use, as has happened with Flame.\u201d\n\tSo the worst outcome may be if a counter-attack\u00a0effort succeeds.\n\tFinally and probably most importantly I don\u2019t believe this happens a lot (if at all) because it\u2019s impossible to see what the company gets out of it. Revenge is a powerful motive but good luck selling it to the CFO. War\u00a0gets a lousy\u00a0ROI. That\u2019s why we leave it up to governments.