Web injection protection method and system
US-2017104783-A1 · Apr 13, 2017 · US
US10171494B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10171494-B2 |
| Application number | US-201615044479-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 16, 2016 |
| Priority date | Feb 16, 2016 |
| Publication date | Jan 1, 2019 |
| Grant date | Jan 1, 2019 |
Official abstract text for this publication.
A method, computer program product and/or system receives information pertaining to network data traffic from and/or to a network accessible resource, analyzes the information to determine whether a user is engaged in potential hacking transaction(s) with respect to the resource. On condition that the user is determined to be engaged in potential hacking transaction(s), a “scarecrow” message designed for display to the user, is generated and sent to the user.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method comprising: receiving information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user; determining, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and in response to determining that the plurality of computers are acting in concert to perform the hacking transaction: generating, by machine logic performed by a machine, a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format, sending the plurality of scarecrow messages, through a network communication channel, to respectively corresponding computers of the plurality of computers, and sending, by machine logic performed by a machine, a security alert to a security product; wherein: the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of: an internet protocol (IP) address associated with the respectively corresponding computer; a phantom background process; and a log-in chain associated with the respectively corresponding computer.
2. The computer-implemented method of claim 1 wherein an indicator of a hacking transaction is based on information associated with the user's access to the protected resource and a set of access rules defined for access to the protected resource, and the indicator is selected from the group consisting of: (i) an indication that the user has previously engaged in a hacking transaction; (ii) the protected resource receives a plurality of requests from the user's computer at a rate that exceeds a pre-determined threshold; (iii) data access attempts received by the protected resource, and from the first computer, generate errors at a rate exceeding a pre-defined threshold; and (iv) a hostname associated with the first computer exists in more than a pre-defined threshold number of sessions with the protected resource.
3. The computer-implemented method of claim 1 further comprising: determining that the first computer is attempting to access data from the protected resource; in response to determining that the first computer is attempting to access data from the protected resource: receiving, from the protected resource, the data, altering the data to generate altered data, and sending, through a network communication channel, the altered data to the first computer.
4. The computer-implemented method of claim 1 wherein: the scarecrow message is sent to the first computer in a form and format that is displayable by software running on the first computer.
5. The computer-implemented method of claim 3 wherein altering the data includes an action selected from the group consisting of: (i) adding an electronic watermark to the data; (ii) preventing transmission to the first computer of at least a portion of the data; and (iii) substituting transformed data in place of at least a portion of the data.
6. A computer program product comprising a computer readable storage medium having stored thereon: first program instructions programmed to receive information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user; second program instructions programmed to determine, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and in response to determining that the plurality of computers are acting in concert to perform the hacking transaction: third program instructions programmed to generate a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format, fourth program instructions programmed to send the plurality of scarecrow messages, through a network communication channel, to the respectively corresponding computers of the plurality of computers, and fifth program instructions programmed to send a security alert to a security product; wherein: the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is as any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of: an internet protocol (IP) address associated with the respectively corresponding computer; a phantom background process; and a log-in chain associated with the respectively corresponding computer.
7. The computer program product of claim 6 wherein an indicator of a hacking transaction is based on information associated with the user's access to the protected resource and a set of access rules defined for access to the protected resource, and the indicator is selected from the group consisting of: (i) an indication that the user has previously engaged in a hacking transaction; (ii) the protected resource receives a plurality of requests from the user's computer at a rate that exceeds a pre-determined threshold; (iii) data access attempts received by the protected resource, and from the user's computer, generate errors at a rate exceeding a pre-defined threshold; and (iv) a hostname associated with the user's computer exists in more than a pre-defined threshold number of sessions with the protected resource.
8. The computer program product of claim 6 further comprising: sixth program instructions programmed to determine that the first computer is attempting to access data from the protected resource; in response to determining that the first computer is attempting to access data from the protected resource: seventh program instructions programmed to receive, from the protected resource, the data, eighth program instructions programmed to alter the data to generate altered data, and ninth program instructions programmed to send, through a network communication channel, the altered data to the first computer.
9. The computer program product of claim 6 wherein the scarecrow message is sent to the first computer in a form and format that is displayable by software running on the first computer.
10. The computer program product of claim 8 wherein altering the data includes an action selected from the group consisting of: (i) ninth program instructions programmed to add an electronic watermark to the data; (ii) tenth program instructions programmed to prevent transmission to the first computer of at least a portion of the data; and (iii) eleventh program instructions programmed to substitute transformed data in place of at least a portion of the data.
11
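The indicators (ii) to (iv) of claim 2 and the per-computer scarecrow message and security alert of claim 1 can be sketched as follows. This is an added example, not code from the patent: the thresholds, record layout, function names and message wording are constructed, and treating "acting in concert" as two or more flagged computers in one window is an assumption.

```python
from collections import Counter, defaultdict

# Constructed thresholds; the claims only say "pre-determined"/"pre-defined".
MAX_REQUESTS = 5   # indicator (ii): requests per window
MAX_ERRORS = 3     # indicator (iii): error responses per window
MAX_SESSIONS = 2   # indicator (iv): sessions sharing one hostname

# Constructed sample window: (source_ip, hostname, session_id, http_status)
TRAFFIC = (
    [("203.0.113.7", "scan-a.example", "s1", 200)] * 6
    + [("203.0.113.9", "scan-b.example", f"s{n}", 404) for n in range(2, 6)]
    + [("198.51.100.4", "office.example", "s9", 200)] * 2
)

def indicators(records):
    """Return {ip: set of claim-2 indicator labels} for one traffic window."""
    requests, errors = Counter(), Counter()
    sessions = defaultdict(set)      # hostname -> session ids seen
    host_of = {}                     # ip -> last hostname seen for it
    for ip, host, session, status in records:
        requests[ip] += 1
        errors[ip] += status >= 400  # count error responses only
        sessions[host].add(session)
        host_of[ip] = host
    found = defaultdict(set)
    for ip in requests:
        if requests[ip] > MAX_REQUESTS:
            found[ip].add("ii")
        if errors[ip] > MAX_ERRORS:
            found[ip].add("iii")
        if len(sessions[host_of[ip]]) > MAX_SESSIONS:
            found[ip].add("iv")
    return dict(found)

def respond(records):
    """Build one scarecrow message per flagged computer plus one alert."""
    flagged = indicators(records)
    if len(flagged) < 2:             # assumption: "in concert" = 2+ flagged
        return {}, None
    # Each message is customized with the IP element named in claim 1.
    messages = {ip: f"Warning: activity from {ip} has been logged and reported."
                for ip in flagged}
    alert = {"sources": sorted(flagged),
             "indicators": {ip: sorted(v) for ip, v in flagged.items()}}
    return messages, alert
```

The unflagged address 198.51.100.4 receives no message, and a window with only one flagged computer produces neither messages nor an alert under the stated assumption.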
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title