They should add up the total cost that hackers incur to computer users in a year. Divide that sum amongst the number of hackers caught, and don't set them free until they have paid their share.