Would it be possible to set up a honeypot that doesn’t just defend, but also counterattacks? For example, it could be a piece of malware that is propagated to the attacker’s computer when the honeypot is tripped. The attacker would not be able to accuse the defender of giving him malware without revealing his own complicity in the attempted cyberattack.
Of course, if CFAA prohibits this, then that’s the big reason why this isn’t done. Perhaps we need to legalize more active cyber defenses rather than force sysadmins to rely on passive defenses.