On the Value of Honeypots to Produce Policy Recommendations

• Published date: 01 August 2017
• Date: 01 August 2017
• DOI: http://doi.org/10.1111/1745-9133.12315
• Author: Thomas J. Holt

POLICY ESSAY

SANCTION THREATS ON ONLINE

BEHAVIORS

On the Value of Honeypots to Produce

Policy Recommendations

Thomas J. Holt

Michigan State University

Alexander Testa, DavidMaimon, Bertrand Sobesto, and Michel Cukier (2017, this

issue), by examining illegal roaming and file manipulation by system trespassers,

consider the practices of active cybercriminals in simulated computer systems

called “honeypots.” The authors consider how individuals who access honeypots change

their behaviors in potential response to differential exposure to warning banners based

on an experimental design. Their findings suggest that intruders are not deterred by the

presence of a warning banner, particularly for those individuals who gained access to the

system with administrative privileges. This group comprised approximately 75% of Testa

et al.’s total sample and was more likely to change file permissions when presented with a

warning banner. The quarter of intruders who accessed the system without administrative

credentials entered fewer commands within the system when presented with a warning

banner, although they continued to interact with the system. Testa et al. interpret their

findings to mean that system administrators and security professionals should continue

to use warning banners but to modify them to be tailored to specific attacker scenarios.

For instance, intruders should be presented with more banners based on time spent in the

network or escalate the sanction threats elaborated in the banners to communicate risk.

Testa et al. (2017) should be lauded for their use of a methodology that is underused

in the social sciences. There are substantive benefits from the use of honeypots because

they allow researchers to understand the practical behaviors of actors within a live, but sim-

ulated, computer system. Honeypots have been primarily used by academics and computer

scientists to understand the technical practices of system intruders while interacting with an

active computing environment (Riebach, Rathgeb, and Toedtmann, 2005; Spitzner, 2002).

Criminologists have recently employed these resources to assess the somewhat hidden

Direct correspondence to Thomas J. Holt, School of Criminal Justice, Michigan State University, 655

Auditorium Road, 434 Baker Hall, East Lansing, MI 48824 (e-mail: holtt@msu.edu).

DOI:10.1111/1745-9133.12315 C2017 American Society of Criminology 739

Criminology & Public Policy rVolume 16 rIssue 3