Home » Research » About » IT vs OT | When Facing The Insider Threat What Happend Free Software vs Open Source | ask me |

Insider threat tactics: this is a new web page

Insider threat tactics: The hacker speaks by Priscilla

· Priscilla Felicia Harmanus · 1993 from the Netherlands · Last update: 21 aug 2020    

How I discovered Free Software and met RMS 

How To Install Proprietary Closed Software In Ubuntu 
Your Grandma on linux - explain...

No one knows who I am yet and what kind
of content I produce. So why not focus on a topic that 
people are 
already searching for, right?

This is a new web page

Insider threat tactics 

  1000: 1000 Comics (talk | history)
  1000: 1000 Comics/1000 characters (talk | history)
  1077: Home Organization (talk | history)
  1162: Log Scale (talk | history)
  1206: Einstein (talk | history)
  1286: Encryptic (talk | history)
  12: Poisson (talk | history)
  1305: Undocumented Feature (talk | history)
  1323: Protocol (talk | history)
  1348: Before the Internet (talk | history)
  1388: Subduction License (talk | history)
  139: I Have Owned Two Electric Skateboards (talk | history)
  1423: Conversation (talk | history)
  1428: Move Fast and Break Things (talk | history)
  1448: Question (talk | history)
  149: Sandwich (talk | history)
  1508: Operating Systems (talk | history)
  15: Just Alerting You (talk | history)
  163: Donald Knuth (talk | history)
  1683: Digital Data (talk | history)
  1685: Patch (talk | history)
  1688: Map Age Guide (talk | history)
  1692: Man Page (talk | history)
  1700: New Bug (talk | history)
  1737: Datacenter Scale (talk | history)
  1746: Making Friends (talk | history)
  1820: Security Advice (talk | history)
  1912: Thermostat (talk | history)
  1917: How to Make Friends (talk | history)
  1926: Bad Code (talk | history)
  1938: Meltdown and Spectre (talk | history)
  1976: Friendly Questions (talk | history)
  198: Perspective (talk | history)
  201: Christmas GPS (talk | history)
  2138: Wanna See the Code? (talk | history)
  2174: First News Memory (talk | history)
  2196: Nice To E-Meet You (talk | history)

  2176: How Hacking Works (talk | history)  
  225: Open Source (talk | history)
  2305: Coronavirus Polling (talk | history)
  239: Blagofaire (talk | history)

  256: Online Communities (talk | history)  
  272: Linux User at Best Buy (talk | history)
  273: Electromagnetic Spectrum (talk | history)
  289: Alone (talk | history)
  327: Exploits of a Mom (talk | history)
  344: 1337: Part 4 (talk | history)
  345: 1337: Part 5 (talk | history)
  364: Responsible Behavior (talk | history)
  36: Scientists (talk | history)
  404: Not Found (talk | history)
  416: Zealous Autoconfig (talk | history)
  424: Security Holes (talk | history)
  426: Geohashing (talk | history)
  434: xkcd Goes to the Airport (talk | history)
  440: Road Rage (talk | history)
  456: Cautionary (talk | history)
  463: Voting Machines (talk | history)
  493: Actuarial (talk | history)
  526: Converting to Metric (talk | history)
  556: Alternative Energy Revolution (talk | history)
  565: Security Question (talk | history)
  566: Matrix Revisited (talk | history)
  5: Blown apart (talk | history)
  619: Supported Features (talk | history)
  676: Abstraction (talk | history)
  722: Computer Problems (talk | history)
  743: Infrastructures (talk | history)
  74: Su Doku (talk | history)
  792: Password Reuse (talk | history)
  806: Tech Support (talk | history)
  873: FPS Mod (talk | history)
  885: Recycling (talk | history)
  926: Time Vulture (talk | history)

  936: Password Strength (talk | history)
  947: Investing (talk | history)
  975: Occulting Telescope (talk | history)
  981: Porn Folder (talk | history)
  Hairy (talk | history)
  Little Bobby Tables (talk | history)
  Megan (talk | history)
  Thing Explainer (talk | history)
  White Hat (talk | history)

  xkcd (talk | history)  

  1864: City Nicknames (talk | history)

  Category:1337 (talk | history)
  Category:Characters (talk | history)
  Category:Characters with Hats (talk | history)
  Category:Code Quality (talk | history)
  Category:Comics by characters (talk | history)
  Category:Comics featuring Cueball (talk | history)
  Category:Comics featuring Hairy (talk | history)
  Category:Comics featuring Megan (talk | history)
  Category:Comics featuring Richard Stallman (talk | history)
  Category:Comics featuring real people (talk | history)
  Category:Computer security (talk | history)
  Category:Cueball Computer Problems (talk | history)
  Category:Distinctive comics (talk | history)
  Category:First day on xkcd (talk | history)
  Category:Internet (talk | history)
  Category:Linux (talk | history)
  Category:My Hobby (talk | history)
  Category:Protip (talk | history)
  Category:Public speaking (talk | history)
  Category:Research Papers (talk | history)
  Category:Romance (talk | history)
  Category:Social interactions (talk | history)

PRISCILLA F. HARMANUS: You buy a new smartphone or computer, and you take your old one to a local recycler. It’s the green thing to do, right. Well, it turns out a lot of those devices may not be getting recycled at all.

Construction industry sectors

In general, there are three sectors of construction: buildings, infrastructure and industrial.[4] Building construction is usually further divided into residential and non-residential. Infrastructure, also called heavy civil or heavy engineering, includes large public works, dams, bridges, highways, railways, water or wastewater and utility distribution. Industrial construction includes offshore construction (mainly of energy installations), mining and quarrying, refineries, chemical processing, power generation, mills and manufacturing plants.


In telecommunications, structured cabling is the design and installation of a cabling system that will support multiple hardware uses and be suitable for today's needs and those of the future. With a correctly installed system, current and future requirements can be met, and hardware that is added in the future will be supported. Structured cabling design and installation is governed by a set of standards that specify wiring data centersoffices, and apartment buildings for data or voice communications using various kinds of cable, most commonly category 5e (Cat 5e), category 6 (Cat 6), and fiber optic cabling and modular connectors.

Cloud vulnerabilities

Clouds are affected by malicious attacks and failures of the infrastructure, e.g., power failures. Such events can affect the Internet domain name servers and prevent access to a cloud or can directly affect the clouds. For example, an attack at Akamai on June 15, 2004 caused a domain name outage and a major blackout that affected Google, Yahoo, and many other sites. In May 2009, Google was the target of a serious denial of service (DNS) attack which took down services like Google News and Gmail for several days.

Lightning caused a prolonged down time at Amazon on June 29–30, 2012; the AWS cloud in the East region of the US which consists of ten data centers across four availability zones, was initially troubled by utility power fluctuations, probably caused by an electrical storm. Availability zones are locations within data center regions where public cloud services originate and operate. A June 29, 2012 storm on the East Coast took down some of Virginia based Amazon facilities and affected companies using systems exclusively in this region. Instagram, a photo sharing service, was one of the victim of this outage according to http://mashable.com/2012/06/30/aws-instagram/.

The recovery from the failure took a very long time and exposed a range of problems. For example, one of the ten centers failed to switch to backup generators before exhausting the power that could be supplied by UPS units. AWS uses “control planes” to allow users to switch to resources in a different region and this software component also failed. The booting process was faulty and extended the time to restart EC2 and EBS services.

Could this happen to you? | Insider threat tactics

The Signs Of Suspicious Activity | You are here: e-waste | If You SEE Something - SAY Something | There is no cloud - it's just someone else's computer - switched to linux | GNU is not Unix by Priscilla

This website focuses on human knowledge and cyber security awareness in the Industrial control systems and explains the gap and the differences between IT and OT environments and why this information is critical and important. This study focuses on the threat to Industrial Cyber Control Systems in small businesses and startup companies in the digital information age of today.  GPL open source software in self driving cars  Read the full story: How It Is When Facing The Insider Threat.

The original Stuxnet worm, which is more than one year old, only jumped from system to system via USB sticks. That seems primitive, but it is intentional. Almost all SCADA systems are — for safety reasons — standalone: not connected to a network, let alone the Internet.

Technology exists to make our lives easier. 

At least, that is what we should be using technology for. Time and time again I come across devices or software that completely fail in this regard, either by poor design, or even intentionally. Devices these days seem to be designed to market to people, to limit what you can do with a device because some big company wants it that way, or just hacked together.

politics, free software, community, proprietary communication systems, licenses, distributors, proprietary producers, vendors, developers, manufactures, source code, programmers, compiler, critical infrastructure, transportation, crucial, information, piping and switches, a, b, who gets what, where, when, how and what price, job, power, knowledge, monopoly, measuring, improvement, stand alone, network, services, political purposes built computer user program freedom free speech open closed trust openness

Energy Sectors | Attack | Government Sectors | exploits | Insiders | Financial Sectors | Social Engineering | Spear Phishing | Critical Infrastructure Security and Resilience | Cyber Systems | IT/OT convergence to start-up companies and small business | IoT | Telecom | Data | Information | Networking | Communication | Threat | Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams | Terrorism | the Defense Industrial Base | Zero day exploit | Emergency Services, Energy, Financial Services | Big Data | Food and Agriculture | Stuxnet aanval | Government Facilities, Healthcare and Public Health, Information Technology, Transportation Systems, Water and Wastewater Systems and Nuclear Reactors, Adversary, Materials, and Waste | Advanced Persistent Threat | IT - OT | ICS/SCADA | Human error | proprietary | free software movement | open source movement | ubuntu developers | license agreement | Critical Infrastructure includes utilities like gas, water, electricity, oil, communication and finance -  Financial -  Multinationals Intelligence - Telecom -  Water -  Nuclear -  Energy -  Harbour -  Airport -  Managed Service Providers -  Health -  Insurance - Information Diving - Identity Theft


Insider threat tactics - attacks for ICS/SCADA IT/OT    YouTube



Intelligence Agencies | Crypto Museum | Overview of intelligence and law-enforcement agencies

This page contains an non-exhaustive overview of the various intelligence and law-enforcement agencies in the world. If possible, a link to their website or to Wikipedia is provided. The list is by no means complete and is only intended as a placeholder for information about agencies that are of interest in relation to cryptography or to other subjects featured on this website.

Home » Research  |  IT vs OT |  When Facing The Insider Threat What Happend | Free Software vs Open Source

World's Biggest Data Breaches & Hacks   Information is Beautiful
Select losses greater than 30,000 records
Last updated: 1st April 2020

Cisco » Securing IoT | IoT beveiligen 
Fortinet » Solutions » Security » Securing Critical Infrastructure with Fortinet | Security Solutions for Industrial Control Systems
IBM » Security » Operational Technology | Operational technology security in the age of digital transformation |
SCADA and industrial control systems are increasingly vulnerable to cybersecurity attacks as they become more connected
NIST » Information Technology Laboratory » Computer Security Research Center » TOPICS » APPLICATIONS » industrial control systems ICS
 » Industrial Control Systems On The Internet | ICS

International Electrotechnical Commission (IEC)
International Standards and Conformity Assessment for all electrical, electronic and related technologies
Technology Sectors » EMC explained | Electromagnetic Compatibility

Ubuntu » Ubuntu on public cloudsUbuntu is the world’s most popular cloud operating system across public clouds

Recommended publications

Insider threat


Home » Research  |  IT vs OT |  When Facing The Insider Threat What Happend | Free Software vs Open Source | ask me |

Microsoft » Europe » Industry » Retail » News » WINDOWS 2000 BEATS LINUX - Comparative test of Microsoft Windows 2000 and Linux as network operating systems | 22 januari 2001
Microsoft Business » Linux in Retail and Hospitality - What Every Retailer Should Know - White Paper - Microsoft Corporation | February 2001
Rod Dixon 
» Open Source Software Law | 2004
Eric S. Raymond 
» catb.org » Terminology Wars: A Web Content Analysis | 27 oktober 2004
Tweakers » nieuws » Veiligheidsfout Ubuntu onthult password | 13 maart 2006
Economides and Katsamakas: Two-Sided Competition of Proprietary vs. Open Source Management Science 52(7), pp. 1057–1071, © 2006 INFORMS

Tweakers » nieuws » Ubuntu plant 'ultravrije' distro | 13 april 2007
» support » accounts » Google Accounts Help » Does creating A Google Account give me a Gmail account? | 2004 - 2007
» blogs » Education IT » Will the latest Ubuntu distro finally provide a mainstream Windows alternative? | 17 april 2007
ZDNet » blogs » Ubuntu 17.04 is linux voor dummies! | 17 april 2007
» Nieuws » Software » Beschuit met muisjes voor Ubuntu 7.04 Feisty Fawn | 19 april 2007
Engineerings Online
» Kennis » EMC/ESD » Wurth en Dare organiseren EMC-seminar | 29 januari 2008
D.A.R.E!! :: » learning center 
» nieuwsbrief » EMC-seminar Würth Elektronik en DARE!! groot succes | woensdag 6 maart 2008 | donderdag 7 maart 2008
Ars Technica » information technology » Free Software Foundation lawsuit at Cisco at first | 12 december 2008
» nieuws » Cisco en FSF schikken rechtszaak over GPL | 23 mei 2009
Ars Technica » Gaming and Culture » It no longer does everything: no more Linux on Playstation 3 | 29 maart 2010
Electronic Frontier Foundation 
» Deep links » Sony Steals Feature From Your Playstation 3 | 30 maart 2010
Ars Technica 
» Gaming and Culture » Hacker vows to fight Sony's PS3 update, restore linux | 30 maart 2010

GOVCERT » Computer Emergency Response Team » Factsheet Stuxnet - een geavanceerde en gerichte aanval - versie 2.4 | 21 januari 2011
Webwereld » Nieuws » Business news » Waarom de GPL altijd wint van de commercie | 19 maart 2011
ICT recht » Nieuws en Blogs » Wanneer geldt de GPL bij opensource webapplicaties? | software | 5 april 2012

GNU » philosophy » Ubuntu Spyware: What to Do? | 7 december 2012
The Register » Stallman: Ubuntu spyware makes it JUST AS BAD as WINDOWS | 7 december 2012
» nieuws » Een derde van aangetroffen kinderporno staat op Nederlandse servers | 9 april 2013
Globalsign Internet Group » en » blog » IT vs OT industrial internet | IT and OT - What's the difference? | 27 april 2016

Brian W. Kernighan » Princeton University Press » Understanding the Digital World: What You Need to Know about Computers, the Internet, Privacy, and Security. The basics of how computer hardware, software, and systems work, and the risks they create for our privacy and security | 9 januari 2017

NOS » NIEUWS » BUITENLAND » TECH » Waarschuwing voor industroyer het virus dat stroomnet kan platleggen | 12 juni 2017
Techzine » be » nieuws » security » gevaarlijke malware richt zich op platleggen stroomnetwerken | 12 juni 2017
Eset » news-room » IT-Beveiliger ESET ontdekt Industroyer, de gevaarlijkste malware gericht op industriele systemen sinds Stuxnet | 12 juni 2017 **
CBS » nieuws » Oplopende personeelstekort in vergrijzende industrie | 8 december 2017
NU » ECONOMIE » Personeelstekort in industrie wordt nijpender | 8 december 2017
RTL » NIEUWS » ECONOMIE » Industrie komt mensen tekort, groot deel personeel vergrijst | 8 december 2017

Emerge » Fortinet lanceert beveiligingsoplossingen voor de Operationele Technologie | Industry Wire | Geplaatst door Fortinet | donderdag 21 december 2017
Omroep Flevoland » Nieuws  Almere » Almeerse bedrijven tonen interesse in bouw Floriade-wijk | donderdag 28 december 2017
Automation » articles » 2018 » feature » For Many, Insiders Pose The Biggest Threat To Industrial Security3 juli 2018
Techzine » Goede IT security begint niet bij technology maar bij de mens | 2 oktober 2018
Tweakers » Nieuws » Nederlandse servers hosten meeste beelden van seksueel misbruik | 24-4-2019 *
Tweakers » Nieuws » Onderzoekers: zestig slecht beveiligde Nederlandse SCADA systemen op internet | 5 augustus 2019
Dutch IT Channel » AIVD betrokken bij Stuxnet-aanval op Iraanse nucleaire programma | 3 september 2019
Info Security Magazine 
» News » Dutch Insider deployed Stuxnet: report | 4 september 2019

ZDNet » article » free software advocate Richard Stallman spoke at Microsoft this week | 5 september 2019
Kennis Platform CROW
 » Gemeente Almere wint prijs voor meest duurzame mobiliteit | 28 december 2019 *

Techzine » be » nieuws » infrastructure » Cisco verenigt IT en OT in security-architectuur voor industriële IoT | 28 januari 2020
Techzine » be » nieuws » security » Cyberaanvallen op kritieke OT-infrastructuur nemen explosief toe | 12 februari 2020 *
Techzine » be » blogs » security » Cyberaanvallen verschuiven van IT naar OT Security moet ook mee | 9 maart 2020 * 

Siemens » News » Operational Guidelines for Industrial Security
Siemens has released an updated version 2.1 of the Operational Guidelines for Industrial Security. The guidelines provide recommendations for the secure operation of plant and machinery in industrial environments, including a 'Defense-in-Depth' security concept | Referenced in Siemens Security Advisories related with Siemens Industrial Products18 maart 2020


Botch companies like Siemens and ABB are big on the Dutch ICS market and are also key-players worldwide. For Siemens the real ICS Security wake-up call was StuxnetStuxnet was malware developed to target ICS. Stuxnet was especially developed to target PLC’s and other ICS devices from Siemens at nuclear plants in Iran. After Stuxnet not only the ICS device designs were changed but also the way Siemens was working themselves. On all devices with an Ethernet connection there is the possibility to configure a firewall. But also when the firewall is available it is still the customer/end-user or system integrator who is responsible for the configuration. Although Stuxnet was a Siemens devices orient malware also ABB took action after Stuxnet.

To get more ICS Security awareness at the end-users and also at the system integrators, Siemens sets up ICS Security awareness courses. During this training, that is not specifically setup for Siemens devices, they also teach a little bit of forensics. The problem remains that for most users it has to be “plug and play”. They also have an ICS Security Awareness training for their own system integrators with a simulated model. Siemens also tries to inform their customers with product manuals and whitepapers. When looking at the industrial plants at this moment there is almost no knowledge on IT

In 2006 the Dutch National Police started with The National High Tech Crime Unit (NHTCU). The NHTCU was initiated for complex digital cases where automated systems attack other automated systems, the social importance is high and the technology used by these criminal activities is complex. So the NHTCU is, although existing for almost eight years, a relative new come unit at the Dutch National PoliceCases that are handled by the NHTCU are, for example, complex banking frauds where new malware is used to do the fraud, hacking of important vital servers where social importance is high (companieshospitals, banks, etc) and complex botnet infrastructures that are attacking Dutch computer systems. All above mentioned examples are attacks on “normal” computer infrastructures. A other segment about which was a lot to do sometime ago was the segment of Industrial Control Systems (ICS). Stuxnet was the most known catalyst for this. Where there is a lot of knowledge about the “normalcomputer infrastructures, there is less knowledge about ICS at the NHTCU. Not only about the devices used like SCADA, PLC’s, SoftPLC’s, HMI’s,, Industrial Computers and Remote inputs and outputs but also about the way the companies manage these systems. So at this moment ICS and Police are two different worlds. The question what do we need to know as Police about these systemshttps://fhi.nl/app/uploads/sites/37/2014/09/politie3.pdf

Recommended readings > Industrial Control System Security Awareness now-a-day and the role of law enforcement in it.  “Are the bad guys already in?”      Ton Maas      A minor thesis submitted in part fulfillment of the degree of M.Sc. in Forensic Computing and Cyber Crime Investigation with the supervision of Prof. Dr. Mohand-Tahar Kechadi.    School of Computer Science and Informatics.  University College Dublin.  09 March 2015

Het oorspronkelijke doel van Stuxnet leek bedrijfsspionage. Wanneer een proces controlesysteem door Stuxnet is besmet is het echter eveneens mogelijk de besturing van industriële processen te beïnvloeden en te verstoren, waaronder de aansturing van apparatuur zoals pompen en motoren. Stuxnet is daarom te beschouwen als een uiterst serieus te nemen waarschuwing ten aanzien van de uitbuiting van de kwetsbaarheid van proces controlesystemen. Nationale trendrapport cybercrime en digitale veiligheid 2010 - overheid

NCTV » actueel » nieuws » Reactie NCTV op sabotage en brandstichting zendmasten Nederland10 april 2020


Autism and the technical security industry |  2017 | CREST

to be continued



Insider Threat - an overview | ScienceDirect Topics

Insider Attack - an overview | ScienceDirect Topics

Anomaly Detection - an overview | ScienceDirect Topics

Classification of Security Threats in Information Systems

Detect Anomaly - an overview | ScienceDirect Topics

Insider Attacker - an overview | ScienceDirect Topics

Handbook on Securing Cyber-Physical Critical Infrastructure | ScienceDirect

Internal Attack - an overview | ScienceDirect Topics

Malicious Attack - an overview | ScienceDirect Topics

Backup Generator - an overview | ScienceDirect Topics

Proprietary System - an overview | ScienceDirect Topics

Electric Grids - an overview | ScienceDirect Topics

Securing the Smart Grid | ScienceDirect

Attacking Smart Meters - ScienceDirect

Open-Source Security Testing Methodology Manual - an overview | ScienceDirect Topics

Open Source License - an overview | ScienceDirect Topics

Practical Open Source Software for Libraries | ScienceDirect

Malicious Input - an overview | ScienceDirect Topics

Operating System Command - an overview | ScienceDirect Topics

Temporary Internet File - an overview | ScienceDirect Topics

Obfuscation Technique - an overview | ScienceDirect Topics

Electronic Control Unit - an overview | ScienceDirect Topics

Handbook on Securing Cyber-Physical Critical Infrastructure | ScienceDirect

Activex Control - an overview | ScienceDirect Topics

Wireless Access Point - an overview | ScienceDirect Topics

Hacking Wireless Access Points | ScienceDirect

The Basics of Web Hacking | ScienceDirect

Hardware Security | ScienceDirect

Electronics Supply Chain - ScienceDirect

Computers as Components | ScienceDirect

Hacking Wireless Access Points: Governmental Context - ScienceDirect

Internet of Things | ScienceDirect


Home » Research » About » IT vs OT | When Facing The Insider Threat What Happend Free Software vs Open Source | ask me |