System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on the deterrence perspective, we employ a large set of target computers built for the sole purpose of being attacked and conduct two independent experiments to investigate the influence of a warning banner on the progression, frequency, and duration of system trespassing incidents. In both experiments, the target computers (86 computers in the first experiment and 502 computers in the second) were set either to display or not to display a warning banner once intruders had successfully infiltrated the systems; 1,058 trespassing incidents were observed in the first experiment and 3,768 incidents in the second. The findings reveal that although a warning banner does not lead to an immediate termination or a reduction in the frequency of trespassing incidents, it significantly reduces their duration. Moreover, we find that the effect of a warning message on the duration of repeated trespassing incidents is attenuated in computers with a large bandwidth capacity. These findings emphasize the relevance of restrictive deterrence constructs in the study of system trespassing.
System trespassing, which is defined as "illegally gaining access to one or more computer systems after exploiting security vulnerabilities or defeating a security barrier" (McQuade, 2006: 83), is one of the fastest growing areas of cybercrime (Furnell, 2002). According to a recent survey of more than 580 information technology (IT) practitioners employed by large organizations and governmental agencies, 90 percent of U.S.
This practical experience report presents the results of an experiment aimed at building a profile of attacker behavior following a remote compromise. For this experiment, we utilized four Linux honeypot computers running SSH with easily guessable passwords. During the course of our research, we also determined the most commonly attempted usernames and passwords, the average number of attempted logins per day, and the ratio of failed to successful attempts. To build a profile of attacker behavior, we looked for specific actions taken by the attacker and the order in which they occurred. These actions were: checking the configuration, changing the password, downloading a file, installing/running rogue code, and changing the system configuration.