Home » Research » About » IT vs OT | When Facing The Insider Threat What Happend Free Software vs Open Source | ask me |

PRISCILLA: For insider threat tactics, believe it or not, I have a message to share. If a pretender could be ANYONE... then you could have so many interesting episodes that the show could last for a long time. To achieve something in the cyber security industry, such as creating awareness for her fixation target or choosing computer user freedom. This is what the story would be about. I want to convey a good, clear message with the aim that "Insider threat tactics" are easily and quickly understood and recognized.

This message may have a meaning consisting of a combination of Hardware vs Software, Ubuntu / Linux "GNU is Not Unix", ICS / SCADA, Free Software vs Open Source, IT / OT, physical and analog/digital and social/reverse engineering tricks, which reveal sophisticated, high-level, skilled, advanced operating techniques that require practical knowledge and hands-on experience. This is my message for insider threat tactics, human error for your company, coding the law within our government and private sectors, schools and universities and gmail beta for grandma’s home/small office. It takes place in the present, past and back to the future. Where certain ethics decisions have been made ecologically and will sooner or later have big consequences.

The Netherlands is a target of economic espionage. After all, the Dutch economy is highly developed, innovative and internationally oriented. Espionage activities are aimed, for example, at improving their own economic development or to gain knowledge from countries that are facing sanctions. A skilled attacker might simply walk through the front door of a facility; physical security also needs to be addressed. Once inside, the attacker might also gather more intelligence or mount a social engineering attack. Physical security can be implemented in many different ways. Many more incidents go unreported for reasons of national security or corporate embarrassment. Even more go undetected.
Properly executed, successful hacks are hard to detect and most of the times untraceable.

★ This is a new web page


The leftovers | Insider threat tactics

Insider threat tactics: The hacker speaks by Priscilla

· Priscilla Felicia Harmanus · 1993 from the Netherlands · Last update: 21 aug 2020    

How I discovered Free Software and met RMS 

How To Install Proprietary Closed Software In Ubuntu 
Your Grandma on linux - explain..

No one knows who I am yet and what kind of content I produce. So why not focus on a topic that people are already searching for, right?



ICS/SCADA Project


Methods of Hacking:
Social Engineering

By Rick Nelson

Social engineering: 

Reverse engineering: The user has control by providing information.
Reverse social engineering: The hacker has complete control.

The user controls the program
The program controls the user

-- Richard Stallman

Characters matter. What is Character Development? | Insider threat tactics 

Character development is the process of creating a believable and realistic fictional character by giving them emotional depth. It does not matter whether your character is human, an animal, or an anthropomorphized object (think Toy Story).

Character Development Definition in Two Parts 

Character development comes in two parts: internal and external.

You can think of internal character development as your character's fundamental goals and motivations for their actions, and of external development as the struggles and scarring or transformative experiences that make them who they are on the outside.


How about Cueball’s grandma from the office? | Insider threat tactics 

When we meet grandma, she’s comfortable slacking in her job. She might also be optimistically underestimating how much additional work will be required, since at each point Linux does at least offer potential solutions due to its customizability. Finally, there could be an element of target fixation, in that grandma has become so focused on the problem that she has forgotten about her original plans for the computer, or that Windows is still an option.

To save money, and that’s one way of looking at it, however… Cueball later cobbled together a computer for his mother, grandma and ex-girlfriend out of cast-offs left over from his own upgrades. Grandma doesn't need a cutting-edge computer because she's not a power user, but she does need a reliable machine to run a few basic applications and to access the Internet. So Cueball moved his grandma from Windows to Linux, and the experience was a surprisingly smooth one.

Why would you ever stick a non-computer-literate person like grandma on Linux? All Cueball is doing is creating a tech support dependence on him and dooming himself to endless discussions of "no you can't do XYZ that everyone else can because of me". Then Cueball goes back to visit her, since grandma is going to value the ability to call someone to help her with her new computer if she gets stuck in her office.

Once Linux is installed and running, Cueball is using it exactly like using Windows.
You click on an icon and the program starts. There is very little for end users to learn, it just looks a bit different.

In the meantime

If Cueball helps them keep their files in closed/proprietary formats and communicate through closed/proprietary protocols, then why on earth do you want them to use a free operating system?

Cueball isn’t concerned about the amount of proprietary software that seems to be part of Ubuntu now. I've noticed quite a few apps that are listed in the Software Center as "License: proprietary". Obviously there's the partner stuff, like Skype, which in 2013 Cueball installed on both Windows and GNU/Linux machines (although that's not a good example, as it doesn't work in the Software Center), but there seems to be a fair load of other stuff creeping in, too.

What's more, Cueball's grandma is building their workflow upon it. To be continued.

Unraveling The Map - Do you have an opening scene that defines Insider threat tactics?

  1. Unraveling The Map - Introduce us to your characters in the beginning and show us who they start the screenplay as and what are their personality traits. 
  2. The Launch Point - Put your character in a situation where their shortcomings are evident. Show us how their problems will be exposed. 
  3. The First Leg -  Put your character in situations where they learn to be different - ease them into it. 
  4. Change Course - Let your character embrace this new version of themselves and see how it can help them. 
  5. The Foot of the Mountain - What can the new and improved person accomplish? 
  6. Climbing The Side - As they go through the story show pushback on who they are versus who they used to be. Should they continue to change? 
  7. Through The Cave -  Shed some light on the new person and how these new traits change the world.  
  8. Reassess the Problem - Is there a way for the new version of the character to confront old problems? Or will they revert to who they used to be? 
  9. Try and Fail - Let the arc put the character in new and terrible situations. Let them fail at things where they used to succeed. 
  10. The Fall - How does their new self completely ruin what they wanted? Did they go too far? What can they learn? 
  11. The Hidden Clue - What personal conclusion did their emotional journey lead to that they need to embrace now? 
  12. Race To the Finish - Now, as their fulfilled self, they can tie the plot up. 
  13. The Treasure Chest - Do they change? 
  14. Where We Go From Here - Keep your options open for how that person can continue to change in the future. 

What's driving my quest?

There has to be a reason to get to the end of the road

When you're trying to come up with a character or
trying to continue their growth over the course of a story, it can be hard to track.


A System is Compromised

Regardless of whether it is done by a script kiddie, a skilled attacker or a trusted user, gaining control of just a single machine on the network is a big first step for an attacker to gain control of the entire network. No firewall, policy, procedure or physical security plan in the world is going to stop the intruder from doing greater harm. Systems need to be hardened, intrusion detection systems need to be in place, access control measures need to be strong, anti-virus software needs to be running with current definitions, and users and system administrators need to be on the lookout for unusual activities on their systems. But all of this is not enough. There need to be still more layers of defense in place to protect the network.

The attacker who has free access to the network may do more intelligence gathering. For instance, the attacker may sniff the network for data or passwords, or the attacker might probe other machines for vulnerabilities. With this information, the attacker may mount attacks on other machines. The attacker who has gained access to the network has gained a significant edge, but there are still measures that can be taken to protect the network. Sniffing and hijacking can be prevented or made much more difficult by using a switched Ethernet network, where collision domains are broken up and the threat created by a network interface card in promiscuous mode is greatly diminished. Implementing a secure authentication and transmission method such as Kerberos can prevent the theft of passwords and data on the network. Backups are also a critical defense that needs to be in place in the event that a system is compromised. If all other layers of defense have not been adequate and a system is compromised, it is likely that the system will need to be rebuilt and restored. Without a proper backup strategy, data may be lost.
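A host-side check for the promiscuous-mode threat mentioned above, as an added example that is not part of the original page. It assumes a Linux host that exposes interface flags under /sys/class/net/<interface>/flags; the interface names, the allowlist and the sample flag values are constructed for illustration.

```python
"""Flag network interfaces that are in promiscuous mode (Linux sysfs)."""
from pathlib import Path

IFF_PROMISC = 0x100  # kernel interface flag: accept every frame on the wire


def parse_flags(raw: str) -> int:
    """Parse the hex string the kernel writes to /sys/class/net/<if>/flags."""
    return int(raw.strip(), 16)


def read_sysfs_flags(root: str = "/sys/class/net") -> dict:
    """Return {interface: flags}; empty when sysfs is missing (non-Linux)."""
    flags = {}
    base = Path(root)
    if not base.is_dir():
        return flags
    for iface in sorted(base.iterdir()):
        try:
            flags[iface.name] = parse_flags((iface / "flags").read_text())
        except (OSError, ValueError):
            continue  # not an interface directory, or it vanished; skip
    return flags


def promiscuous_interfaces(flags: dict, allowlist=()) -> list:
    """Interfaces with IFF_PROMISC set that are not expected to have it.

    IDS sensors and bridge ports legitimately run promiscuous, so they go
    on the allowlist; any other hit is unusual activity worth a look.
    """
    return sorted(
        name for name, value in flags.items()
        if value & IFF_PROMISC and name not in allowlist
    )


# Constructed sample values in the format sysfs reports them.
SAMPLE_FLAGS = {
    "lo": parse_flags("0x9\n"),        # UP | LOOPBACK
    "eth0": parse_flags("0x1003\n"),   # UP | BROADCAST | MULTICAST
    "eth1": parse_flags("0x1103\n"),   # same as eth0, plus PROMISC
    "span0": parse_flags("0x1103\n"),  # hypothetical IDS sensor port
}

if __name__ == "__main__":
    live = read_sysfs_flags()
    source = live if live else SAMPLE_FLAGS
    for name in promiscuous_interfaces(source, allowlist=("span0",)):
        print(f"{name}: promiscuous mode is set and not allowlisted")
```

This only sees interfaces on the host where it runs; a passive tap or a sniffer on another machine is not visible this way, which is why the switched network and encrypted authentication described above remain the primary controls.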

The Skilled Attacker

Attacks by skilled attackers happen with less frequency but are successful much more frequently.

The skilled attacker is able to be more successful by researching the company being attacked, utilizing additional methods of attack, and being more aggressive with the same tools as the script kiddie. It is even more important to use properly configured firewalls, secure each individual system, and employ intrusion detection systems and antivirus software, but additional methods also need to be employed.


Stuxnet - 2011 

 

Stuxnet is perhaps the most famous and recent attack on industrial control infrastructure. It is believed that one or more governments developed the Stuxnet worm to sabotage and delay Iran’s nuclear program. Stuxnet was designed to target the PLC controllers that directly controlled the approximately 7,000 centrifuges used to process uranium within Iran’s atomic research facilities. Stuxnet relied on the use of outdated operating systems and certain specific versions of Siemens® control software.

  

The Stuxnet attack was extremely successful. The attack supposedly damaged over 20% of Iran’s nuclear centrifuges and set their programs back well over a year. Imagine, in the worst case, the centrifuges spinning out of control, breaking, and spreading radioactive material within the local area. It is important to note that Stuxnet worked via infected USB drives. As the internal network, the Siemens PLCs and the centrifuges were “air-gapped” to protect activity, the plan for the propagation of the attack was carefully targeted to several contractors that regularly visited the facility. The use of USB drives would then propagate the intended attack to the internal networks. Note that Stuxnet was designed to cause no harm unless you had a very specific model of Siemens PLC and the associated software. In short, it was targeted and designed to destroy Iran’s nuclear program.

Volkskrant » news, background » "AIVD speelde cruciale rol bij sabotage kernprogramma Iran" (AIVD played a crucial role in the sabotage of Iran's nuclear program) | Huib Modderkolk and Kim Zetter | 2 September 2019

DCS, SCADA, PLCs (Programmable Logic Controllers) and other legacy control systems have been used for decades in power plants and grids, oil and gas refineries, air traffic and railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, automated food and beverage lines, industrial processes, automotive assembly lines, and water treatment plants.  


"Some of these damaging exploits were kept secret for years."


A Short Chronological List of Widely Reported Incidents of Hacking and Disruption

Feb 2009: Highly evasive Conficker/Downadup worm infects 12 million computers, stealing information. - BBC

Jun 2008: "Security Hole Exposes Utilities to Internet Attack" - Associated Press

May 2008: SCADA vulnerability...control software used by one-third of industrial plants. - SC Magazine

Mar 2008: Emergency 2-day shutdown of Hatch nuclear plant from software update on one business computer.

Feb 2008: Retail Chinese digital picture frame virus steals passwords and financial info. - SF Chronicle

Jan 2008: "Hackers turn out the lights in multiple cities and demand extortion payments." - Associated Press

Sep 2007: DOE Idaho National Lab video shows the remote destruction of a large SCADA controlled generator.

Sep 2007: Hackers compromise Homeland Security computers, moving information to Chinese websites. - CNN

Jul 2007: 3Com's security division demonstrates how SCADA system flaws can be exploited.

Nov 2007: "Insider Charged with Hacking California Canal System" - ComputerWorld

Nov 2007: "Solar Sunrise" - Three teenagers penetrate USAF logistic systems at Middle East support bases.

Aug 2007: "Hackers Take Down the Most Wired Country in Europe" for two weeks. - Wired Magazine

Jun 2006: "Information on SCADA systems can be found by a determined attacker." - US-CERT

Jan 2006: Homeland Security Conference - SCADA systems are vulnerable to intrusion. - UrgentComm

Jan 2006: "SCADA Security & Terrorism: We're Not Crying Wolf" conference presentation. - Xforce Security

Aug 2005: 175 companies including Caterpillar, General Electric, UPS and DaimlerChrysler attacked by Zotob worm.

2003-2005: Undetected for 2 years, Chinese Army downloads 10-20 terabytes data from Pentagon, DOE, others.

Aug 2003: CSX loses signaling & dispatch control over 23 state railroad due to a worm virus. - InformationWeek

2003: "Cyber War" - PBS Frontline documents penetration of US utilities using commonly known methods.

Jan 2003: Davis-Besse nuclear plant safety monitoring system knocked offline 5-hours by the Slammer worm.

Jan 2003: "Slammer" worm infects 300,000 computers in the first 15 minutes, interrupting 911 and airlines.

Sep 2001: "Nimda" worm infects millions of computers causing billions of dollars in damage. Originator unknown.

Jul 2001: "Code Red" worm infects 300,000 computers in a month and then launches attack on White House web.

Apr 2000: Hackers succeeded in gaining control of the world's largest natural gas pipeline network (GAZPROM).

Apr 2000: Hacker uses a SCADA system to dump millions of gallons of sewage onto hotel grounds for 3 months.

1998-2000: "Moonlight Maze" - For two years, hackers penetrated the Pentagon, NASA, DOE, university labs.

1998: A 12-year-old hacks into Roosevelt Dam, with complete SCADA system control of massive floodgates.

1997: "Eligible Receiver" - DOD & Joint Chief Command hacked in 48 hours with publicly available methods.

1997: A teenager hacks into NYNEX and cuts off air/ground communication to Worcester Airport for 6 hours.



 

Many more incidents go unreported for reasons of national security or corporate embarrassment. Even more go undetected. Properly executed, successful hacks are undetectable and untraceable.

 


PLC Backup & Virus Detection, Stuxnet and more…

What are you, as a machine / installation builder, going to do to provide faster service for your own “delivered machines and/or products”, but also to provide more service and support to the customer in order to reduce downtime, and possibly even to earn money from providing service!


The it-ot.nl project. Threat and risk analysis on communication networks in ICS/SCADA. Common vulnerabilities and sample attack scenarios.

According to automation.com » For Many, Insiders Pose the Biggest Threat to Industrial Security. Be that as it may, 

Almere Municipality wins prize for most sustainable mobility. On November 27, Almere was named the municipality with the most sustainable mobility in 2019. This happened during the conference Network City Netherlands of Platform31 and CROW. The municipality thus takes the place of honor from the previous winner, the municipality of Utrecht. CROW is the organizer of this biennial award ceremony.

Top 10

Every year, CROW makes a ranking with the most sustainable municipalities in the field of mobility. “The municipality will be assigned a score based on a number of criteria around the mobility system, such as charging points and shared cars, and a number of criteria around the effects, such as climate and air quality,” says Jurgen de Haan, project manager mobility at CROW. "Based on this, we make a ranking."

The score yielded the following top 10 in 2019:


  1. Almere .nl
  2. Nijmegen .nl
  3. Groningen .nl
  4. Utrecht .nl
  5. Culemborg .nl
  6. Delft .nl
  7. Oegstgeest .nl
  8. Leidschendam-Voorburg .nl
  9. Doesburg .nl
  10. The Hague .nl

Almere

The fact that Almere is doing so well in 2019 is mainly due to the accessibility of the train station and the quality of public transport. The number one municipality scores a whopping 9.4 near a train station. In addition, they also score well on the other goals (climate, air, noise and road safety). The 108 buses that circulate in Almere are relatively clean with an environmental score of 5.4. There is also relatively much use of the bus in Almere.
 
“Almere has traditionally had an infrastructure that is focused on buses and bicycles,” says De Haan, “you can see the effects of this in this score. After all, this ensures that relatively few people use the car.”
 

Sustainable policy

Government policy is aimed at promoting sustainable mobility. This aims to balance growing mobility and the effects on the environment, health and the economy. CROW-KpVV therefore supports municipalities in implementing this policy. By awarding this prize, CROW-KpVV wants to encourage municipalities to improve their score in the field of sustainable mobility.
 

Sustainability Score tool

CROW-KpVV has developed the 'Sustainability Score' for municipalities. With this tool, a municipality can easily and objectively benchmark itself against 12 underlying indicators. The tool is useful to find new sustainable policies.


 
The brochure on sustainable mobility will also be published shortly, through which more information and the complete rankings can be viewed.

Commissioned by the joint authorities, CROW-KpVV implements a Multi-Year Program, with the aim of contributing to making the government more competent in the field of mobility.




Terrorists can already use the reverse-engineered supervirus Stuxnet

Norman responds to today's news that major infrastructures are at serious risk and that terrorists could take over control.

Hoofddorp, 26 November 2010 – The Stuxnet supervirus, which was recently in the news as an attack on the Iranian Bushehr nuclear power plant, has since been sold on the English black market after it was reverse engineered (source: Sky News).

Cybercrime specialists describe this malware as the first in an upcoming cyberwar aimed at countries and crucial institutions such as power plants, water and electricity plants and hospitals, but also aimed at traffic control systems and transport networks. It is assumed that the Stuxnet virus was originally designed by a very large team of experts working on behalf of a government.

 

 

 


The project conceived by Priscilla F. Harmanus gathers resources related to sophisticated APT insiders to raise awareness in the industrial cyberspace environment of today. "When we carry out hack tests at companies in the energy sector, we always manage to get into the office network." From that network, an attacker could push through to the network to which the control of energy systems is connected.


1. Introduction

Target Audience

??

