The Effect of Sanctions on Trespassers’ Online Behaviors

David Maimon
Associate Professor of Criminology & Criminal Justice, University of Maryland

Key Findings

  • Intruders who used administrative credentials to hack computer systems had the highest rate of infiltration.
  • The presence of a warning banner on an attacked computer system did not have a statistically significant effect on the probability of either navigation or change in file permission.
  • The presence of a warning banner did not impact the probability or average rate of navigation commands entered on computers where hackers used administrative credentials.


In the article, “Illegal Roaming and File Manipulation on Target Computers: Assessing the Effect of Sanction Threats on System Trespassers’ Online Behaviors,” Maimon and his co-authors examined how intruders adapt to security measures and if the behavior is consistent among other intruders. Intruders can access computers by seeking out vulnerabilities at random or as specific targets. Either way, they often encounter deterrence mechanisms. The researchers collected data from 300 public IP addresses from a large American university in a randomized experiment with 16 conditions. The results showed that warning banners on attacked computers had a significant impact on how intruders navigated the system and changed file permissions. The researchers also found that warning banners did not impact the amount of commands hackers used when they used administrative credentials to infiltrate a computer.

View Full Research