The National Consortium for the Study of Terrorism and Responses to Terrorism (START) placed warning banners on compromised systems to better understand how a hacker responds to such a message. The study found that the banners reduced commands from hackers by 8 percent.
START, a Homeland Security Department-funded program through the University of Maryland, examined a type of cyber defense called restrictive deterrence. Such defenses use warnings or suggestions to compel attackers toward a certain action.
With this study, the banners popped up when an attacker targeted in on the relevant system, and read, "This system is under continuous surveillance. All user activity is being monitored and recorded." A group of almost 700 compromised systems was randomly assigned whether to display the message or not, then the researchers let the hackers freely snoop.
The banner did not help prevent attacks in the first place, but the researchers did find that actions taken after a breach were significantly altered by the appearance of a warning.