Predictably Deterrable? The Case of System Trespassers
Can computing environments deter system trespassers and increase intruders’ likelihood to cover their tracks during the progression of a system trespassing event? To generate sufficient empirical evidence to answer this question, we designed a series of randomized field trials using a large set of target computers built for the sole purpose of being infiltrated. We configured these computers to present varying levels of ambiguity regarding the presence of surveillance in the system, and investigated how this ambiguity influenced system trespassers’ likelihood to issue clean tracks commands. Findings indicate that the presence of unambiguous signs of surveillance increases the probability of clean tracks commands being entered on the system. Nevertheless, even when given clear signs of detection, we find that intruders are less likely to use clean tracks commands in the absence of subsequent presentations of sanction threats. These results indicate that the implementation of deterring policies and tools in cyber space could nudge system trespassers to exhibit more cautiousness during their engagement in system trespassing events. Our findings also emphasize the relevance of social-science models in guiding cyber security experts’ continuing efforts to predict and respond to system trespassers’ illegitimate online activities.
Maimon D., Testa A., Sobesto B., Cukier M., Ren W. 2019. Predictably Deterrable? The Case of System Trespassers. In: Wang G., Feng J., Bhuiyan M., Lu R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science, vol 11637. Springer, Cham.