Abstract
Can computing environments deter system trespassers and increase intruders’ likelihood to cover their tracks during the progression of a system trespassing event? To generate sufficient empirical evidence to answer this question, we designed a series of randomized field trials using a large set of target computers built for the sole purpose of being infiltrated. We configured these computers to present varying levels of ambiguity regarding the presence of surveillance in the system, and investigated how this ambiguity influenced system trespassers’ likelihood to issue clean tracks commands. Findings indicate that the presence of unambiguous signs of surveillance increases the probability of clean tracks commands being entered on the system. Nevertheless, even when given clear signs of detection, we find that intruders are less likely to use clean tracks commands in the absence of subsequent presentations of sanction threats. These results indicate that the implementation of deterring policies and tools in cyber space could nudge system trespassers to exhibit more cautiousness during their engagement in system trespassing events. Our findings also emphasize the relevance of social-science models in guiding cyber security experts’ continuing efforts to predict and respond to system trespassers’ illegitimate online activities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Furnell, S.: Cybercrime: Vandalizing the Information Society. Addison-Wesley, Boston (2002)
Online Trust Alliance: Data Protection and Breech: Readiness Guide. Online Trust Alliance (2014)
Storm, D.: MEDJACK: hackers hijacking medical devices to create backdoors in hospital networks. Computer World (2015). http://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html
Riffkin, R.: Hacking Tops List of Crimes Americans Worry about Most. Gallup Poll News Service (2014). http://www.gallup.com/poll/178856/hacking-tops-list-crimes-americans-worry.aspx
The Comprehensive National Cybersecurity Initiative. The White House. www.whitehouse.gov
Becker, G.: Crime and punishment: an economic approach. J. Polit. Econ. 76, 169–217 (1968)
Gibbs, J.: Crime, Punishment, and Deterrence. Elsevier Scientific Publishing Company, New York (1975)
Harknett, R.: Information warfare and deterrence. Parameters 26, 93–107 (1996)
Harknett, R., Callaghan, J., Kauffman, R.: Leaving deterrence behind: war-fighting and national cybersecurity. J. Homel. Secur. Emerg. Manag. 7(1), 1–24 (2010)
Denning, D., Baugh, W.: Hiding crimes in cyberspace. In: Thomas, D., Loader, D. (eds.) Cybercrime: Law Enforcement, Security and Surveillance in the Information Age, pp. 105–132. Routledge, London (2000)
Goodman, W.: Cyber deterrence: tougher in theory than in practice? Strategic Studies Quarterly Fall, pp. 102–135 (2010)
Welsh, B., Farrington, D.: Making Public Places Safer: Surveillance and Crime Prevention. Oxford University Press, New York (2009)
Welsh, B., Mudge, M., Farrington, D.: Reconceptualizing public area surveillance and crime prevention: security guards, place managers and defensible space. Secur. J. 23, 299–319 (2010)
Nagin, D.: Deterrence in the twenty-first century. Crime Justice 42(1), 199–263 (2013)
Sherman, L.: Police crackdowns: initial and residual deterrence. In: Tonry, M., Morris, M. (eds.) Crime and Justice: An Annual Review of Research, vol. 12, pp. 1–48. University of Chicago Press, Chicago (1990)
Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. NIST Special Publication 800:30 (2002)
Png, I., Wang, Q.: Information security: facilitating user precautions vis-à-vis enforcement against attackers. J. Manag. Inf. Syst. 26, 97–121 (2009)
Maimon, D., Alper, M., Sobesto, B., Cukier, M.: Restrictive deterrent effect of a warning banner in an attacked computer system. Criminology 52, 33–59 (2014)
Jacobs, B., Cherbonneau, M.: Auto theft and restrictive deterrence. Justice Q. 31(2), 1–24 (2014)
Jacobs, B.: Crack dealers’ apprehension avoidance techniques: a case of restrictive deterrence. Justice Q. 13, 359–381 (1996)
Wright, R., Decker, S.: Burglars on the Job. Northeastern University Press, Boston (1994)
Clarke, R.V.: Situational crime prevention. Crime Justice 19, 91–150 (1995)
Cozens, P., Love, T.: A review and current status of crime prevention through environmental design (CPTED). J. Plann. Lit. 30(4), 393–412 (2015)
Ellsberg, D.: Risk, ambiguity, and the Savage axioms. Q. J. Econ. 75(4), 643–669 (1961)
Kahneman, D., Tversky, A.: Prospect theory: an analysis of decision under risk. Econometrica 47(2), 263–291 (1979)
Trautmann, S., Vieider, F., Wakker, P.: Causes of ambiguity aversion: known versus unknown preferences. J. Risk Uncertain. 36(3), 225–243 (2008)
Becker, S., Brownson, F.: What price ambiguity? Or the role of ambiguity in decision-making. J. Polit. Econ. 72(1), 62–73 (1964)
Jacobs, B.: Deterrence and deterrability. Criminology 48(2), 417–441 (2010)
Baillon, A., Bleichrodt, H.: Testing ambiguity models through the measurement of probabilities for gains and losses. Am. Econ. J. 7(2), 77–100 (2015)
Engebretson, P.: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. Elsevier, Waltham (2013)
National Institute for Standards and Technology: Recommended Security Controls for Federal Information Systems and Organization (U.S. Department of Commerce) (2009)
Acknowledgements
This research was conducted with the support of the National Science Foundation Award 1223634.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Maimon, D., Testa, A., Sobesto, B., Cukier, M., Ren, W. (2019). Predictably Deterrable? The Case of System Trespassers. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science(), vol 11637. Springer, Cham. https://doi.org/10.1007/978-3-030-24900-7_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-24900-7_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24899-4
Online ISBN: 978-3-030-24900-7
eBook Packages: Computer ScienceComputer Science (R0)