Incident responders from Beyond Security published an interesting report explaining their involvement in a recent defacement of an Israeli Web site. I was surprised to not see any mention of shutting down access to the Web site upon discovering the intrusion. No wonder the intruders were active — the defenders were visiting a potentially hostile Web site: If the victims were visiting an intruder’s Web site during the incident response, that’s an easy way to tip off the attackers that defense is taking place. I think some basic rules were violated during this scenario.”]
Source: https://taosecurity.blogspot.com/2006/07/israeli-incident-response-report.html