Home » Research » About » IT vs OT | When Facing The Insider Threat | What Happend | Free Software vs Open Source | ask me |
The leftovers | Insider threat tactics
· Priscilla Felicia Harmanus · 1993 from the Netherlands · Last update: 25 July 2020
No one knows who I am yet and what kind of content I produce. So why not focus on a topic that people are already searching for, right?
Part of this web page was translated from the original Dutch into English by Priscilla F. Harmanus. This is a new web page.
Insiders are without a doubt the largest threat. They know where the crown jewels are. They know the processes on the inside. They already have logins. If they have something to gain, there's not much to prevent them from doing the wrong thing. ★
Because a skilled attacker might simply walk through the front door of a facility, physical security also needs to be addressed. The attacker might carry in a laptop or CD or floppy diskettes and install Trojans or network sniffers. Once inside, the attacker might also gather more intelligence or mount a social engineering attack. Physical security can be implemented in many different ways.
According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, a reverse social engineering attack has three parts: sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem to arise. The hacker then advertises that he is the appropriate contact to fix the problem, and when he comes to fix the network problem he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.
PRISCILLA: For insider threat tactics, believe it or not, I have a message to share (it's free). If a pretender could be ANYONE... then you could have so many interesting episodes that the show could last for a long time. To achieve something in the cyber security industry such as creating awareness for her fixation target. This is what the story would be about. I want to convey a good, clear message with the aim that "Insider threat tactics" are easily and quickly understood and recognized. This message may have a meaning consisting of a combination of Hardware vs Software, Ubuntu / Linux "GNU is Not Unix", ICS / SCADA, Free Software vs Open Source, IT / OT, physical and analog/digital and social/reverse engineering tricks which reveal sophisticated, high-level, skilled, advanced operating techniques for which practical knowledge and hands-on experience are required. This is my message for insider threat tactics, human error for your company, coding the law within our government and Gmail beta for grandma's home/small office. It takes place in the present, the past and back to the future, where certain ethical decisions have been made ecologically and will sooner or later have big consequences.
Methods of Hacking:
By Rick Nelson
Social engineering: ★
Reverse engineering: The user has control by providing information.
The user controls the program
-- Richard Stallman
Characters matter. What is Character Development? | Insider threat tactics ★
Character development is the process of creating a believable and realistic fictional character by
Character Development Definition in Two Parts
Character development comes in two parts: internal and external.
You can think of internal character development as your character's fundamental goals and
How about Cueball’s grandma from the office? | Insider threat tactics
When we meet grandma, she’s comfortable slacking in her job. She might also be
To save money, and that’s one way of looking at it, however…
Why would you ever stick a non-computer-literate person like grandma on Linux?
Once Linux is installed and running, Cueball uses it exactly as he would use Windows.
Cueball helps them to keep their files in closed/proprietary formats and
Cueball isn't concerned
What's more, Cueball's grandma is building her workflow on it. To be continued
Unraveling The Map - Do you have an opening scene that defines Insider threat tactics?
What's driving my quest?
There has to be a reason to get to the end of the road.
When you're trying to come up with a character or
A System is Compromised
Regardless of whether it is done by a script kiddie, a skilled attacker or a trusted user, gaining control of a single machine on the network is a big first step towards gaining control of the entire network. At that point no firewall, policy, procedure or physical security plan will by itself stop the intruder from doing greater harm. Systems need to be hardened, intrusion detection systems need to be in place, access control needs to be strong, anti-virus software needs to run with current definitions, and users and system administrators need to be on the lookout for unusual activity on their systems. Even all of this is not enough: still more layers of defense are needed to protect the network.
An attacker with free access to the network may do more intelligence gathering: sniff the network for data or passwords, or probe other machines for vulnerabilities, and then use what is found to attack those machines. Such an attacker has gained a significant edge, but measures remain that protect the rest of the network. A switched Ethernet network breaks up the collision domains, so a network interface card in promiscuous mode no longer sees every frame on the segment; this makes sniffing and session hijacking harder, though not impossible, because an insider on the same segment can still redirect traffic through their own machine with ARP spoofing or flood the switch's MAC table, so switch port security and monitoring for unexpected address changes are needed as well. A secure authentication protocol such as Kerberos keeps reusable passwords off the wire, and encrypting the transport protects the data itself. Backups are a critical last layer: if every other defense fails and a system is compromised, it will most likely have to be rebuilt and restored, and without a proper backup strategy data is lost.
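The caveat above, that a switch alone does not stop an insider from sniffing, is what ARP spoofing detection is for. The following is an added example, not code from the original page or from any paper quoted on it: it parses ARP replies in the text format of `tcpdump -n arp` and flags the three symptoms of cache poisoning. The capture is constructed, and the gateway address in TRUSTED is an assumption.

```python
"""ARP cache poisoning detector for a switched LAN segment.

Added example for this page; it is not code from the original page or from
any paper quoted on it. The capture below is constructed in the format of
`tcpdump -n arp` output, and the addresses in TRUSTED and the sample are
assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hosts whose IP-to-MAC binding must never change on this segment
# (assumed: the default gateway). Whoever convinces the other hosts that
# they are the gateway sees every off-segment flow, switch or no switch.
TRUSTED: Dict[str, str] = {"192.168.1.1": "00:11:22:33:44:01"}

# Constructed sample capture. The first three replies are the real hosts;
# the last three are one machine (de:ad:be:ef:00:01) claiming the gateway
# and two workstations, which is what an ARP spoofing tool does to sit in
# the middle of their traffic on a switched network.
SAMPLE_CAPTURE = """\
10:00:00.000001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:00:01.000002 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
10:00:02.000003 ARP, Reply 192.168.1.21 is-at 00:11:22:33:44:21, length 28
10:00:30.000004 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:30.000005 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:00:31.000006 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:01, length 28
10:00:32.000007 ARP, Reply 192.168.1.21 is-at de:ad:be:ef:00:01, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) ARP, Reply "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
)


@dataclass(frozen=True)
class ArpReply:
    ts: str          # capture timestamp as printed by tcpdump
    sender_ip: str   # IP address the reply claims to speak for
    sender_mac: str  # MAC address making that claim (normalized)


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so 'DE-AD-..' and 'de:ad:..' compare equal."""
    return mac.lower().replace("-", ":")


def parse_capture(text: str) -> List[ArpReply]:
    """Extract ARP replies from tcpdump-style lines; requests are ignored."""
    replies = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            replies.append(ArpReply(m["ts"], m["ip"], normalize_mac(m["mac"])))
    return replies


def detect_poisoning(replies: List[ArpReply],
                     trusted: Dict[str, str] = TRUSTED,
                     many_threshold: int = 3) -> List[Tuple[str, str]]:
    """Return (rule, detail) alerts for three symptoms of ARP poisoning.

    trusted-host spoof: a reply claims a TRUSTED IP with the wrong MAC.
    ip-flip:            the same IP is claimed by two different MACs.
    mac-claims-many:    one MAC claims many IPs (subnet-wide poisoning).
    """
    alerts: List[Tuple[str, str]] = []
    first_mac: Dict[str, str] = {}              # ip -> first MAC seen
    claims: Dict[str, set] = defaultdict(set)   # mac -> set of IPs claimed
    for r in replies:
        expected = trusted.get(r.sender_ip)
        if expected is not None and normalize_mac(expected) != r.sender_mac:
            alerts.append(("trusted-host spoof",
                           f"{r.ts} {r.sender_ip} claimed by {r.sender_mac}, "
                           f"expected {normalize_mac(expected)}"))
        prev = first_mac.setdefault(r.sender_ip, r.sender_mac)
        if prev != r.sender_mac:
            alerts.append(("ip-flip",
                           f"{r.ts} {r.sender_ip} moved from {prev} to {r.sender_mac}"))
        claims[r.sender_mac].add(r.sender_ip)
    for mac, ips in claims.items():
        if len(ips) >= many_threshold:
            alerts.append(("mac-claims-many",
                           f"{mac} claims {len(ips)} addresses: {sorted(ips)}"))
    return alerts


if __name__ == "__main__":
    for rule, detail in detect_poisoning(parse_capture(SAMPLE_CAPTURE)):
        print(f"[{rule}] {detail}")
```

Run as-is it reports one trusted-host spoof and three ip-flips between 10:00:30 and 10:00:32, plus one mac-claims-many summary for the attacker's MAC. On a live segment the same rules apply to `tcpdump -n -l arp` piped in, with TRUSTED filled from the documented gateway and server addresses. Port security or dynamic ARP inspection on the switch stops the attack itself; this kind of monitoring tells you that someone tried.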
The Skilled Attacker
Attacks by skilled attackers happen less frequently but succeed much more often.
The skilled attacker is more successful because he researches the company being attacked, uses additional methods of attack, and is more aggressive with the same tools the script kiddie uses. It is even more important to use properly configured firewalls, secure each individual system, and employ intrusion detection systems and antivirus software, but additional methods also need to be employed.
Stuxnet - 2011 ★
One or more governments developed the Stuxnet worm to sabotage and delay Iran's nuclear program. Stuxnet was designed to target the PLCs that directly controlled the approximately 7,000 centrifuges used to process uranium in Iran's atomic research facilities. It spread through Windows vulnerabilities, several of them unknown at the time, and only acted on systems running specific versions of Siemens® Step7/WinCC control software.
The Stuxnet attack was extremely successful. It reportedly damaged over 20% of Iran's nuclear centrifuges and set the program back well over a year. In the worst case one can imagine the centrifuges spinning out of control, breaking, and spreading radioactive material within the local area. It is important to note that Stuxnet spread via infected USB drives: because the internal network, the Siemens PLCs and the centrifuges were "air-gapped", the attack was carefully targeted at several contractors that regularly visited the facility, and the USB drives they carried in propagated it onto the internal networks. Note that Stuxnet was designed to cause no harm unless it found a very specific model of Siemens PLC and the associated software. In short, it was targeted and designed to sabotage Iran's nuclear program.
Volkskrant » news background » AIVD played a crucial role in the sabotage of Iran's nuclear program | Huib Modderkolk and Kim Zetter | 2 September 2019
DCS, SCADA, PLCs (Programmable Logic Controllers) and other legacy control systems have been used for decades in power plants and grids, oil and gas refineries, air traffic and railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, automated food and beverage lines, industrial processes, automotive assembly lines, and water treatment plants. ★
"Some of these damaging exploits were kept secret for years."
A Short Chronological List of Widely Reported Incidents of Hacking and Disruption
- Highly evasive Conficker/Downadup worm infects 12 million computers, stealing information. - BBC
- "Security Hole Exposes Utilities to Internet Attack" - Associated Press
- SCADA vulnerability in control software used by one-third of industrial plants. - SC Magazine
- Emergency 2-day shutdown of the Hatch nuclear plant caused by a software update on one business computer.
- Retail Chinese digital picture frame virus steals passwords and financial information. - SF Chronicle
- "Hackers turn out the lights in multiple cities and demand extortion payments." - Associated Press
- DOE Idaho National Lab video shows the remote destruction of a large SCADA-controlled generator.
- Hackers compromise Homeland Security computers, moving information to Chinese websites. - CNN
- 3Com's security division demonstrates how SCADA system flaws can be exploited.
- "Insider Charged with Hacking California Canal System" - ComputerWorld
- "Solar Sunrise" - Three teenagers penetrate USAF logistics systems at Middle East support bases.
- "Hackers Take Down the Most Wired Country in Europe" for two weeks. - Wired Magazine
- "Information on SCADA systems can be found by a determined attacker." - US-CERT
- Homeland Security Conference - SCADA systems are vulnerable to intrusion. - UrgentComm
- "SCADA Security & Terrorism: We're Not Crying Wolf" conference presentation. - X-Force Security
- 175 companies including Caterpillar, General Electric, UPS and DaimlerChrysler attacked by the Zotob worm.
- Undetected for 2 years, the Chinese Army downloads 10-20 terabytes of data from the Pentagon, DOE and others.
- CSX loses signaling and dispatch control over its 23-state railroad network due to a worm. - InformationWeek
- "Cyber War" - PBS Frontline documents the penetration of US utilities using commonly known methods.
- Davis-Besse nuclear plant safety monitoring system knocked offline for 5 hours by the Slammer worm.
- "Slammer" worm infects 300,000 computers in the first 15 minutes, interrupting 911 and airline systems.
- "Nimda" worm infects millions of computers, causing billions of dollars in damage. Originator unknown.
- "Code Red" worm infects 300,000 computers in a month and then launches an attack on the White House website.
- Hackers succeed in gaining control of the world's largest natural gas pipeline network (GAZPROM).
- Hacker uses a SCADA system to dump millions of gallons of sewage onto hotel grounds over 3 months.
- "Moonlight Maze" - For two years, hackers penetrate the Pentagon, NASA, DOE and university labs.
- A 12-year-old hacks into Roosevelt Dam, with complete SCADA system control of the massive floodgates.
- "Eligible Receiver" - DOD and Joint Chiefs command systems hacked in 48 hours with publicly available methods.
- A teenager hacks into NYNEX and cuts off air/ground communication to Worcester Airport for 6 hours.
PLC backup & virus detection, Stuxnet and more…
What will you, as a machine or installation builder, do to provide faster service for the machines and products you have delivered, but also to offer the customer more service and support, so as to reduce downtime and perhaps even earn money from service delivery? ★
The it-ot.nl project: threat and risk analysis of communication networks in ICS/SCADA, common vulnerabilities and sample attack scenarios.
According to automation.com » For Many, Insiders Pose the Biggest Threat to Industrial Security. Be that as it may,
Almere Municipality wins prize for most sustainable mobility. On November 27, Almere was named the municipality with the most sustainable mobility in 2019. This happened during the conference Network City Netherlands of Platform31 and CROW. The municipality thus takes the place of honor from the previous winner, the municipality of Utrecht. CROW is the organizer of this biennial award ceremony.
Every year, CROW makes a ranking with the most sustainable municipalities in the field of mobility. “The municipality will be assigned a score based on a number of criteria around the mobility system, such as charging points and shared cars, and a number of criteria around the effects, such as climate and air quality,” says Jurgen de Haan, project manager mobility at CROW. "Based on this, we make a ranking."
The score yielded the following top 10 in 2019:
- Almere .nl
- Nijmegen .nl
- Groningen .nl
- Utrecht .nl
- Culemborg .nl
- Delft .nl
- Oegstgeest .nl
- Leidschendam-Voorburg .nl
- Doesburg .nl
- The Hague .nl
The fact that Almere is doing so well in 2019 is mainly due to the accessibility of the train station and the quality of public transport. The number one municipality scores a 9.4 on proximity to a train station. It also scores well on the other goals (climate, air, noise and road safety). The 108 buses that circulate in Almere are relatively clean, with an environmental score of 5.4, and bus use in Almere is relatively high.
“Almere has traditionally had an infrastructure that is focused on buses and bicycles,” says De Haan, “you can see the effects of this in this score. After all, this ensures that relatively few people use the car. ”
Government policy is aimed at promoting sustainable mobility. This aims to balance growing mobility and the effects on the environment, health and the economy. CROW-KpVV therefore supports municipalities in implementing this policy. By awarding this prize, CROW-KpVV wants to encourage municipalities to improve their score in the field of sustainable mobility.
Sustainability Score tool
CROW-KpVV has developed the 'Sustainability Score' for municipalities. With this tool, a municipality can easily and objectively benchmark itself against 12 underlying indicators. The tool is useful to find new sustainable policies.
The brochure on sustainable mobility will also be published shortly, through which more information and the complete rankings can be viewed.
Commissioned by the joint authorities, CROW-KpVV implements a Multi-Year Program, with the aim of contributing to making the government more competent in the field of mobility.
Norman responds to today's news that large infrastructures are at serious risk and that terrorists could take over control.
The project conceived by Priscilla F. Harmanus gathers resources related to sophisticated APT insiders to raise awareness in today's industrial cyberspace environment. "When we carry out hacking tests at companies in the energy sector, we always manage to get into the office network." From that network an attacker could push through to the network to which the control of the energy systems is connected.