This comment shows the disconnect between many comments I read on this forum[0] and the real world, frankly.
Whenever Apple or Samsung release an update for their smartphones, I have to help family members click through dialogs to install them. How are they supposed to assess and implement security for an IP camera they bought at a department store?
How would they do it anyway? Is the expectation that they fire up Wireshark, identify traffic flows to and from their device, then configure the firewall on their consumer-grade router to limit this traffic?
[0] previously read just '... disconnect between this forum ...'
I'm not sure how that would help the problem. When you're talking about thousands or more devices, counterattacking them individually wouldn't be feasible.
Also I imagine many botnet owners secure the devices they take over so that others can't steal them for their own botnet.
This is a Bad Idea, because you have no way of knowing whether the devices you are "counter-hacking" are simple IoT devices or if they perform a critical function of some sort. The last thing you want to do is accidentally take offline/brick an Internet-connected medical device or computer at a hospital ER room, for instance, since it might literally result in someone's death.
That sounds like a "but think of the children" argument to me. We can conjure up ways in which anything can go wrong.
But should we really worry about that scenario? If you have internet-exploitable and already-exploited devices in the ER room, haven't the horses left the barn already?
That would shift incentives back to the owners to some extent, since they're basically acceptable targets as long as their devices are insecure.