Restrictive Deterrence and the Severity of Hackers' Attacks on Compromised Computer Systems

Abstract

There is a lack of consensus within the literature assessing whether surveillance is effective in reducing the seriousness of criminal events, with almost no prior study investigating its operation in cyberspace. This thesis seeks to address both of these domains while drawing on the deterrence perspective. Data were obtained from an experiment conducted over seven months at a large, public university within the United States. Specifically, a series of virtual computers with known vulnerabilities were deployed into the university's computer network as part of a randomized controlled trial. This thesis seeks to examine 1) whether a surveillance banner reduces the severity of offending through inhibiting hackers from escalating to active engagement with the system upon gaining access on the first session and 2) whether the deterrent effect of a surveillance banner persists beyond the first session. This surveillance banner produced a restrictive deterrent effect for the first and second sessions.