Could you also have an empty shell of your site and allow them to enter some information? The more info they enter and the longer the time they spend on your site the more evidence you collect in case of court proceedings or such. Also just a thought/theory.

If you wanted to spend the time to make a fake site then that would also slow them down.

Not sure how much this would help a case. The thing that a case would hinge on would mainly be the fact that they broke into (or tried to break into) a system. I guess they may enter in some of their personal details into your "fake" site but they would probably use fake information anyways.

It is pretty rare that these people get pursued unfortunately. Most attackers will launch attacks through another compromised system (or systems) to get at yours. Most likely this would involve three countries now (yours, the attackers, and the compromised intermediary). This means that law enforcement from each country would have to work to track the person down which is unlikely to happen depending on the severity/damage of the attack and the countries involved.

The unfortunate reality is that building something like this has a cost that is often offset by delivering other business value. Protecting data, sadly, often loses.

Best idea EVER!

And then execute a script that loops 400 times to send them to multiple web sites that spawn many more websites on close. And make those websites g@y Pr0n!!!

True story. I did this with a forum once. You should have seen the amount of reduced spam the forum got AFTER I implemented that feature.