A consortium of researchers dedicated to improving the understanding of the human causes and consequences of terrorism

Study finds that warning banners deter hackers

Hackers spend less time on computers that display warning banners than computers that do not

Using a warning banner on a computer’s login screen decreases the amount of time that hackers will stay on the computer, according to new cybersecurity research funded by the National Consortium for the Study of Terrorism and Responses to Terrorism (START). Using nearly 600 computers over two experiments, the researchers found that warning banners meant to deter unauthorized access to a computer or network increased the probability by more than 20 percent of the hackers’ terminating the trespassing session sooner than on computers with no warning banner.

David Maimon, a START researcher and the lead author of this study, said this is a significant finding for computer scientists and engineers.

“If you have a hacker on your system for five minutes instead of ten minutes, the damage the hacker potentially can do is very much different,” said Maimon, assistant professor of criminology and criminal justice at the University of Maryland.

“We believe that there’s a way for us to mitigate the effect of a trespassing incident and reduce the probability of serious damage on the system.”

Published in the field’s leading journal, Criminology, the study found no significant difference in the frequency of repeated system trespassing incidents between the two types of computers. The experiments also found that bandwidth and memory size does not significantly affect the hazard rate for system trespassing termination on both types of computers.

The research supports the National Institute of Standards and Technology’s recommendation to display a warning banner when any individual, including authorized users, logs in to a networked computer. In addition, the research supports using criminological theories, especially the deterrence perspective, for the study of computer-focused crimes. Using this research as a base, START is currently working to increase the presence of cybersecurity courses and programs at the University of Maryland, College Park in the near future.

Maimon said this research can be generalized to most computers or devices, except for computer networks for the government and financial institutions, because these networks tend to be infiltrated by more sophisticated hackers. Maimon plans to conduct more research on deterring cybercrime to expand on the findings in this study.

The study, “Restrictive Deterrent Effects of a Warning Banner in an Attacked Computer System,” completed by Maimon, Mariel Alper, Bertrand Sobesto and Michel Cukier, received funding from the SANS Institute, START and the National Science Foundation.

The full study can be read in Criminology here.