Restrictive deterrence and the scope of hackers' reoffending: Findings from two randomized field trials

Abstract Extensive criminological research has investigated the effectiveness of law enforcement efforts to prevent offenders' reoffending and effect changes in criminal behavior patterns. However, no research has quantified the influence of gossip regarding law enforcement operations and its effect on repeat offending. Moreover, only scant research has studied these relationships in the cyber-environment. The current work addresses this gap by studying the effect of online messages sent to active hackers that describe law enforcement efforts against website defacement activity. In two field experiments, we randomly assigned self-identified hackers with active Facebook accounts into control and treatment groups. We then sent subjects in the treatment group a gossip message (via Facebook) alerting them to law enforcement efforts in cyberspace. Following the intervention, we compared the control and treatment groups in terms of changes in the proportion of reoffending, number of website defacements, and severity of website defacements. Findings reveal that when the gossip was sent to a hacker's private inbox, it prompted a reduction in the proportion of hackers who reoffend, the frequency at which they reoffend, and the severity of attacks they generate. However, posting similar gossip on the hacker's Facebook wall was ineffective in restricting malicious hacking activity. Theoretical implications and practical recommendations for law enforcement operations in cyberspace are discussed.

[1]  Daniel S. Nagin,et al.  Deterrence: A Review of the Evidence by a Criminologist for Economists , 2013 .

[2]  Heith Copes,et al.  Advancing restrictive deterrence: A qualitative meta-synthesis , 2016 .

[3]  Laurence Steinberg,et al.  Peer influence on risk taking, risk preference, and risky decision making in adolescence and adulthood: an experimental study. , 2005, Developmental psychology.

[4]  D. Reynald,et al.  The Offenders’ Perspective on Prevention , 2012 .

[5]  Orrin E. Klapp,et al.  Heroes, villains and fools, as agents of social control. , 1954 .

[6]  Kelly Klima,et al.  Estimating the Global Cost of Cyber Risk , 2018 .

[7]  M. Banton The policeman in the community , 1965 .

[8]  Ronald V. Clarke,et al.  Situational Crime Prevention: Theoretical Background and Current Practice , 2009 .

[9]  Will Goodman,et al.  Cyber Deterrence: Tougher in Theory than in Practice? , 2010 .

[10]  Robert G. Morris,et al.  CRACKING THE CODE: AN EMPIRICAL EXPLORATION OF SOCIAL LEARNING THEORY AND COMPUTER CRIME , 2009 .

[11]  John Braithwaite,et al.  Crime, Shame, And Reintegration , 1989 .

[12]  David G. Rand,et al.  Who falls for fake news? The roles of bullshit receptivity, overclaiming, familiarity, and analytic thinking. , 2020, Journal of personality.

[13]  David Maimon Deterrence in Cyberspace: An Interdisciplinary Review of the Empirical Literature , 2020 .

[14]  Rebecca Birch Stirling Some Psychological Mechanisms Operative in Gossip , 1956 .

[15]  Richard Bellamy,et al.  Crimes and punishments. , 1963, The Hastings Center report.

[16]  Michael Cherbonneau,et al.  Auto Theft and Restrictive Deterrence , 2014 .

[17]  Bruce A. Jacobs,et al.  DETERRENCE AND DETERRABILITY , 2010 .

[18]  John K. Cochran,et al.  System Trespasser Behavior after Exposure to Warning Messages at a Chinese Computer Network: An Examination , 2017 .

[19]  Kp Suresh An overview of randomization techniques: An unbiased assessment of outcome in clinical research , 2011, Journal of human reproductive sciences.

[20]  R. Wright,et al.  Gossip, Decision-Making and Deterrence in Drug Markets , 2015 .

[21]  Michael Cherbonneau,et al.  ‘Drive it like you Stole it’ Auto Theft and the Illusion of Normalcy , 2006 .

[22]  David Fernández,et al.  Enabling an Anatomic View to Investigate Honeypot Systems: A Survey , 2017, IEEE Systems Journal.

[23]  B. Nijstad,et al.  Gossip as a resource: How and why power relationships shape gossip behavior , 2019, Organizational Behavior and Human Decision Processes.

[24]  Alex Kigerl Email spam origins: does the CAN SPAM act shift spam beyond United States jurisdiction? , 2018 .

[25]  George W. Burruss,et al.  Self-perceptions of English and Welsh constables and sergeants preparedness for online crime , 2019 .

[26]  J. Gibbs Crime, punishment, and deterrence , 1975 .

[27]  Fangzhou Wang,et al.  Website Defacer Classification: A Finite Mixture Model Approach , 2021, Social Science Computer Review.

[28]  Paul A. Taylor,et al.  Hacktivism and Cyberwars: Rebels with a Cause? , 2004 .

[29]  A. Bossler Need for Debate on the Implications of Honeypot Data for Restrictive Deterrence Policies in Cyberspace , 2017 .

[30]  E. Sutherland,et al.  The Professional Thief , 1988 .

[31]  Steven N. Durlauf,et al.  Imprisonment and crime , 2011 .

[32]  John E. Eck,et al.  DOES CRIME JUST MOVE AROUND THE CORNER? A CONTROLLED STUDY OF SPATIAL DISPLACEMENT AND DIFFUSION OF CRIME CONTROL BENEFITS* , 2006 .

[33]  Thomas J. Holt,et al.  Examining Ideologically Motivated Cyberattacks Performed by Far-Left Groups , 2019, Terrorism and Political Violence.

[34]  Olga Babko-Malaya,et al.  On the relevance of social media platforms in predicting the volume and patterns of web defacement attacks , 2017, 2017 IEEE International Conference on Big Data (Big Data).

[35]  Marc G. Gertz,et al.  A test of a micro-level application of shaming theory , 2003 .

[36]  G. Burruss,et al.  Datasets for Analysis of Cybercrime , 2019, The Palgrave Handbook of International Cybercrime and Cyberdeviance.

[37]  L. Sherman Police Crackdowns: Initial and Residual Deterrence , 1990, Crime and Justice.

[38]  Lawrence W. Sherman,et al.  Defiance, Deterrence, and Irrelevance: A Theory of the Criminal Sanction , 1993 .

[39]  Maryann Ayim Knowledge through the grapevine: Gossip as inquiry. , 1994 .

[40]  Greg Pogarsky,et al.  Identifying “deterrable” offenders: Implications for research on deterrence , 2002 .

[41]  Thomas J. Holt,et al.  An Examination of Motivation and Routine Activity Theory to Account for Cyberattacks Against Dutch Web Sites , 2020 .

[42]  David Maimon,et al.  Website defacement and routine activities: considering the importance of hackers’ valuations of potential targets , 2019, Journal of Crime and Justice.

[43]  T. Holt subcultural evolution? examining the influence of on- and off-line experiences on deviant subcultures , 2007 .

[44]  W. F. Skinner,et al.  A Social Learning Theory Analysis of Computer Crime among College Students , 1997 .

[45]  Alexander Vetterl,et al.  Honeypots in the age of universal attacks and the Internet of Things , 2020 .

[46]  Michel Cukier,et al.  Illegal Roaming and File Manipulation on Target Computers: Assessing the Effect of Sanction Threats on System Trespassers’ Online Behaviors , 2017 .

[47]  Joseph R. Dominick,et al.  Hackers: Militants or Merry Pranksters? A Content Analysis of Defaced Web Pages , 2004 .

[48]  J. Eck,et al.  What Can Police Do to Reduce Crime, Disorder, and Fear? , 2004 .

[49]  Bruce A. Jacobs,et al.  CRACK DEALERS AND RESTRICTIVE DETERRENCE: IDENTIFYING NARCS* , 1996 .

[50]  Michel Cukier,et al.  The Effect of a Surveillance Banner in an Attacked Computer System , 2015 .

[51]  Michel Cukier,et al.  RESTRICTIVE DETERRENT EFFECTS OF A WARNING BANNER IN AN ATTACKED COMPUTER SYSTEM , 2014 .

[52]  Kyle J. Thomas,et al.  Peer Influence and Delinquency , 2019, Annual Review of Criminology.

[53]  Ekaterina V. Botchkovar,et al.  Crime, shame and reintegration in Russia , 2005 .

[54]  R. Agnew The Origins of Delinquent Events: An Examination of Offender Accounts , 1990 .

[55]  Ivan P. L. Png,et al.  Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers , 2009, J. Manag. Inf. Syst..

[56]  T. Holt,et al.  Exploring the Correlates of Individual Willingness to Engage in Ideologically Motivated Cyberattacks , 2017 .

[57]  D. Weisburd,et al.  Focused Deterrence Strategies and Crime Control , 2018 .

[58]  Seung-Hyun Kim,et al.  Do Hackers Seek Variety? An Empirical Analysis of Website Defacements , 2012, ICIS.

[59]  Ekaterina V. Botchkovar,et al.  Delineating the scope of Reintegrative Shaming theory: An explanation of contingencies using Russian data , 2008 .

[60]  Richard J. Harknett,et al.  Journal of Homeland Security and Emergency Management Leaving Deterrence Behind : War-Fighting and National Cybersecurity , 2011 .

[61]  M. Kilger Social Dynamics and the Future of Technology-Driven Crime , 2011 .

[62]  Ryan Seebruck,et al.  A typology of hackers: Classifying cyber malfeasance using a weighted arc circumplex model , 2015, Digit. Investig..

[63]  Bruce A. Jacobs,et al.  UNDERCOVER DECEPTION CLUES: A CASE OF RESTRICTIVE DETERRENCE* , 1993 .

[64]  Mark Stockman,et al.  An Open-Source Honeynet System to Study System Banner Message Effects on Hackers , 2015, RIIT.

[65]  George W. Burruss,et al.  Assessing the Mediation of a Fuller Social Learning Model on Low Self-Control’s Influence on Software Piracy , 2013 .