Test whether the presence of a surveillance message on an attacked computer system influences system trespassers’ active engagement with the compromised system (i.e., entering computer commands). The hypothesized restrictive deterrent effect is tested both in the context of a first system trespassing incident and in the progression of repeated trespassing incidents in an attacked computer system.

We designed a randomized controlled trial and deployed a series of virtual target computers with known vulnerabilities into the computer network of a large public university in the United States. The target computers were set to either display or not display a surveillance banner once system trespassers infiltrated them.

We find that the presence of a surveillance banner in the attacked computer systems reduced the probability of commands being typed in the system during longer first system trespassing incidents. Further, we find that the probability of commands being typed during subsequent system trespassing incidents (on the same target computer) is conditioned by the presence of a surveillance banner and by whether commands have been entered during previous trespassing incidents.

These findings offer modest support for the application of restrictive deterrence in the study of system trespassing.