Actually, I’m being too kind to the FBI. If you call 911 to report a home invasion, at least the police will send someone to your house who is armed and ready to take on the intruder. (Whether they’ll arrive in time is a different question, leading to the familiar saying, “When seconds count, the police are just minutes away.”)
If you call the FBI to report a network intrusion, though, you’ll get a stifled yawn and a request to meet with your CEO for relationship building purposes. Given the government’s feeble capabilities against cyberespionage, discouraging corporate self-help is particularly irresponsible.
Not everything the bureau said was wrong. Shutting down third party servers probably is illegal under the Computer Fraud and Abuse Act. In contrast, I doubt that companies are acting unlawfully when they delete their own files from a hackers’ computer, though I recognize that Orin Kerr has a different view, and the Justice Department may be closer to Orin than to me on this.