A threat actor installing software specifically designed to log and monitor attacks from threat actors would be considered a blunder, no?