CYB 6040 Wilmington University Week 2 OSINT & SCADA Systems Powerpoint Week 2 Assignment: OSINT & SCADA Systems PowerPoint (TEAM) Download DHS National I

CYB 6040 Wilmington University Week 2 OSINT & SCADA Systems Powerpoint Week 2 Assignment: OSINT & SCADA Systems PowerPoint (TEAM)

Download DHS National Infrastructure Protection Plan & see page 19 (29/188) for 12 sectors at: Link

Don't use plagiarized sources. Get Your Custom Essay on
CYB 6040 Wilmington University Week 2 OSINT & SCADA Systems Powerpoint Week 2 Assignment: OSINT & SCADA Systems PowerPoint (TEAM) Download DHS National I
Just from $13/Page
Order Essay

READ Executive Summary. CIKR = Critical Infrastructure & Key Resources

Choose ONE of 12 National Critical Infrastructure Sectors (NCIS) defined by DHS that uses SCADA systems (they all do) and document the 5 top SPECIFIC threats to that sector. See the CIS Interrelationships Figure uploaded previously to get an idea of the cyber and SCADA inter-dependencies. We are expanding our target vector space from SCADA networks (Assignment W1) to much large game, National Critical Infrastructure. (Assignment W2)

Use: Link to clarify NCIS interrelationships.

Provide a brief description of the threat, parties involved, and reason why the threat is one of the top five. Include any maps,diagrams, charts, etc. that would enhance the readers understanding of group, target, and/or attack. USE the RN equation format *** shown in the Week 1 individual assignment to present your case. In addition, Pick 3 OSINT sources that you used to develop your case. This would diminish confirmation bias in sources. Ideally, every threat team reviewed would have 1 or more OSINT source.

This assignment should be a minimum 25-40 slides, BUT 50 slides would be better (including references in APA format to do justice).

Philosophy note: Don’t stick to the minimums. Students who think minimum performance generally settle for minimum salaries at job time. Think bigger. Get out of your comfort zone. A little extra goes a long way. Students in this class use their final team preparation as a point of differentiation on their resumes. It always starts a “warm conversation with recruiters.” That is what you want – show your talent is better than others in the game. You are a Dragon / Dragoness and your training is much better! You can negotiate for more when the time comes and it will be worth your effort. The “others” will be sucking their thumbs as they watch you get the job First!


Please proceed as follows:

1. NCIS Sector
Kolawole Oyekanmi (XO) will select the NCIS Sector for the project.

2. NCIS Sector Top 5 Threats
Kolawole Oyekanmi (XO) will determine what the top 5 threats are in order from the highest to lowest threat.

3. NCIS Sector Threat Group Member Assignment
Kolawole Oyekanmi (XO) will inform Panagou, Imassi, Muller, and Nguyen which particular threat to research.

4. NCIS Sector Threat Research
Each group member prepares the following for their assigned threat:

NCIS Sector Threat:
A. Threat Description
B. Parties Involved
C. Why is it a top 5 threat to the chosen NCIS Sector?
1. Vulnerabilities
2. Impact
3. Countermeasures
D. R/N Equation (based upon the vulnerabilities/impact/countermeasures)
E. Include at least one figure (map, chart, etc.)
F. One OSINT used in your research (Three OSINT for the top threat)
G. List of References

The information does not have to be in any particular format. Just make sure that everything is included that is listed in number 4 above.



Group Member.


Parties Involved

Reason why top 5




At least 1 figure (map, chart, etc)

R/N Equation for threat SLIDE TOPIC
Assigned to
Otto (TL)
Otto (TL)
Oyekanmi (XO)
Group Member – George PANAGOU
Parties Involved
Reason why top 5
At least 1 figure (map, chart, etc)
R/N Equation for threat
Group Member. – Billy NGUYEN
Parties Involved
Reason why top 5
At least 1 figure (map, chart, etc)
R/N Equation for threat
Group Member. Kattie OTTO
Parties Involved
Reason why top 5
At least 1 figure (map, chart, etc)
R/N Equation for threat
Group Member. Abdellah IMASSI
Parties Involved
Reason why top 5
At least 1 figure (map, chart, etc)
R/N Equation for threat
Group Member Raymond MILLER
Parties Involved
Reason why top 5
At least 1 figure (map, chart, etc)
R/N Equation for threat
Otto (TL)
Otto (TL)
Otto (TL)
Otto (TL) / ALL group members
* Each member sends references to Otto (TL)
PPT Creation
PPT Prof. Review
PPT Revision
PPT Submission
Otto (TL)
Design & consolidate info. for
Receive/Input NCIS Sector
Receive/Input Threats from
group members
Send PPT to Prof. for review
(prior to final submission)
Revisions for final submission
Final Submission for grade
Oyekanmi (XO)
ALL group members
Otto (TL)
Otto (TL) / group members
Otto (TL)
CIS “Shared Threats”
Infrastructure Interdependencies
Peerenboom, Fisher, and Whitfield, 2001
OSINT Sources & Privacy
Randall K Nichols, Professor of Practice, Director
Unmanned Aircraft Systems (UAS) – Cybersecurity, KSU
Professor Emeritus – Cybersecurity, Utica College
Adjunct Professor – Wilmington University
Self Pre-Assessment
Identify standard information available about you within
search engines
More than the standard Google search – Make a list of
descriptives in quotes
“name” “zip code”
“name” “professor”
“name variation” “business address”
Alternative Search engines
Google, Bing, Yandex, Exalead, Google Groups, Google
news, Google Images, Bing Images, Baidu (Chinese),
Qwant (Social networks), Duck go (Anonymous search)
Self Pre-Assessment
Use Duck Duck Go ( for those who do
not trust Google
Use Firefox or Safari browser not Chrome or IE5
All in one tool by Michael Bazzell:
Make notes on your searches
Date, Result, Engine, Description, Follow-up
Self Pre-Assessment
Ancestry Records
? are a major vulnerability to your privacy
Full Name, DOB, Parent’s Names, Children’s Names,
Sibling’s Names, City Of Current Residence, City Of
Birth – all clues to online passwords and accounts
Ancestry, Family search, Mocavo, Roots Web, Geneanet,
My Heritage, One Great family, World Records, My
Trees, Find My Past
Again keep notes of results for data removal process
Self Pre-Assessment
Search on your EMAIL addresses associated with your
Search on your User Names – tool (user
names database)
Search on your location or location –based services
(social networks use the location of the upload and
embedded GPS)
Use Echosec application to zoom in on location to query
social network posts (
Self – Background Check
Public Websites, People Directories, Telephone & Address Directories
Search on name, address, telephone number, and user name,
potentially children’s names
People Directories:
Spokeo, Pipl, Yasni, Thatsthem, Zabasearch, Intelius, Zoominf,
Infospace, PeepDB, Radaris,WebMII, Genie, Peekyou
Telephone Directories:, whitepages, yellowpages, addresses, Infospace, SuperPages,, Searchbug, Genie, Detective, Reverse Genie, PhoneTracer,
PrivacyStar, Truecaller, Peekyou, Whocalld, Thatsthem,
NumberGuru, MrNumber, 10 Digits
Social Networks:
Facebook, Twitter, LinkedIn, Google+, Tumbler
Find FB User number; search on every like! Places, photos, videos,
apps-used, friends, events, stories-by, groups, relatives
Before you start removing personal data from internet, you must
evaluate how your information became accessible to the public.
Stop Giving Out Your Information!
Reward Cards & Loyalty Programs
Send Utility Bills not to your home. Anonymous Mail receipt
Open Credit Cards in Alternative Name – it will be associated with
your address
****Everybody collects and sells your information , So let them BUT
Use Anonymous Information & Disinformation
? Fake Address and Telephone Number
? Government 10 –> 987-65-4320 to 4329 (used in SSA ads and not
assigned to a human)
? Create two anonymous email addresses. Never give them your real
? Create a permanent completely anonymous mail forwarding
Self – Background Check
Custom Facebook Search Tool all-in-one
Use your FB user name and number in above.
Private Databases:
Annual Credit reports (free) Check quarterly and correct
LexisNexis (legal & personal)
Westlaw / Clear / Thompson Reuters ( detailed personal content) Frauds
or ID theft in your name
Acxiom (fraud detection and returned merchandise)
Sterling (employment related)
Core Logic (real estate & mortgage)
Self – Background Check
Sage Stream ( Consumer credit & denials of credit of most forms)
Insurance Service Office ( loss history)
Tenant Data (rental histories)
Experian rent Bureau ( rental history and profiles)
Chex Systems (ID Theft & financial fraud, check fraud)
TeleCheck (check irregularities report)
Retail equation (return product to store or online, your on it)
Medical Information Bureau (medical insurability and new coverage)
Milliman Intelliscript ( prescription drug history)
National Consumer Telecom and Utilities Exchange (fraud,
delinquencies involving utilities and related services)
Social Security Administration (SS & Representative payee reports)
Not Sharing My Info (
33 Mail (
Blur ( – not free)
Anonymous Telephone Number
Google Voice ( – VOIP and forward voicemail to an
Anonymous email account
Never associate anything with your personal number or real address
Drivers License (DL)
In order to complete data removal, companies may ask for your DL.
Legally you need only give your name, address and DOB.
Create a good digital image of your DL using your phone.
Use PAINT to brush out any other information and save.
Prepare a Basic Opt-out Form
Date: Submission date
Company: official name that owns the database
Request: “ I request to have my name removed from your public &
private databases. Here is the information you asked me to include in
my request.”
Name: Full name as it appears on the online database ( include
Mailing Address: all that you want removed
SSN: only if absolutely required (most do not)
DOB: required
Direct URLs of personal information: specific to your case
Drivers License. Use redacted image saved from PAINT
Facsimile (fax) Service. Outdated but if required use
Online Protection:
? Antivirus programs (two) Super Antispyware, Windows Defender
Malware Bytes
? System Updates (regularly)
? Glary Utilities (use the check disk and daily maintenance)
? Ccleaner with wipe = 7 followed by Directory Snoop (DS) to purge
everything wiped
? Spybot or Malwarebytes but not both
? Firefox with extensions – Ghostery, Panic, Disconnect, Noscript,
Adblock Plus, no internet history retained or suggested
? Activate Google Opt-out with advertising cookie opt-out plug-in
? Activate MS custom ads based on internet history
? Use a VPN service every time you connect through Internet. [ traffic
is encrypted and originating IP address not associated with you] PIA
is recommended at $40/year.
? Consider using the TAILs (TOR) live operating system and boot it up
from CDROM. No traces, crypto, no session data, encrypts files, mail
and messages
? Consider using a Virtual Machine with Virtual Box or professional
Credit Companies
Under Fair Credit reporting Act (FCRA) companies may offer
services that you did not request
Action: Opt-out for 5 years
Heavy –Duty Actions:
Fraud Alert (90-days)
Credit Freeze – better and cheaper than LifeLock or Identity Guard
Easy and reversible – locks the data at the big 3 until you unfreeze
it. -> prevents any new accounts in your name by any institution (
does not affect current accounts or credit score)
Action – close old unused accounts on your credit report
In case of a Breach notification, NEVER give more information to
protect the same data
Credit companies share big time your home address. Action: Use PO
Box or a Commercial Mail receiving Agency ( CMRA)
Credit Companies
Hotels share big-time. Use the Alternative Name Credit Card (which
is legal because your charging to your own real account) and no
picture ID ( it in the car). Make reservations under the alternative
name card.
Safety. Not trackable / stalkable by social engineering
Legalities on using a Alternative name on a Credit Card:
? Never use it with LEO
? Never use it to open a new credit line
? Never associate any social security number with your alternative
? Never use it generate income unless you are a DBA or company or
legal entity
? Never receive government benefits or community benefits under
the alternative name
? Only use to protect your privacy in scenarios where a credit card
is needed.
Credit Companies
Alternative Credit Card Options
Prepaid Credit Cards
Amex Customizable gift-card options
Vanilla Visa / MasterCard
Virtual (temporary Credit cards)
Anonymous Purchases
Rule: Never associate your real name to your address or purchases, if
you do not want that association to be public!
Amazon (create a new account with…)
Name: Alias, or former resident, or landlord
Email address: Forwarding email address like
Credit Card: Use alternative CC with number, expiration date
and security code or Blur account (masked) with Boston HQ
Address: PO Box, or real as long as shipping information is alias
Credit Companies
Anonymous Purchases (Continued)
Use Amazon Gift Cards up to $2000
Do NOT use Kindle or E-Book Readers – They share with everyone
including LEO, civil litigation attorneys, and Amazon servicers for
targeted advertising.
Do NOT use E-Bay or PayPal. They leak data like a sieve and are
Internet Services
Best in terms of privacy, information sharing & full credit check
? EarthLink, Charter, Comcast, Cox, CenturyLink
Worst in terms of privacy, information sharing & full credit check
Dish net, ATT, Verizon, Frontier
Anonymous Telephones
Cellular telephones track every thing we do, our health, our habits,
contacts our locations, and send data to outside companies beyond our
If your publicly known number is your cellular telephone number, you
have created a link (IMEI #) to your cellular account.
IPhone Strategy
Partial strategies:
Buy a used Device and do a factory restore
Consider T-Mobile Hidden Plan
Install Burner – creates semi-anonymous, disposable phone numbers
Install Google Hangout Dialer app –allows free calls from your device
Install Line2 – permits a 2nd phone line on VOIP
NEVER backup anything to Cloud.
Do not share contacts. Highly restrict them and delete old.
Use dynamic VOIP methods for communication
Consider Mini Card Cell Phones for calls and texts only
Encrypted Communications
Apps like Google Voice, & Whatsapp encrypt data in storage only and
protect from public viewing but providers see everything
3 Apps where providers encrypt end-to-end, LEO can not read the
Signal Private Messenger ) ( –free, supports both
voice calls and text messaging, easy, uses your phones Wi-Fi or data
connection. Use Google Voice for verification. Contacts with signal
will be accessible. Uses Challenge – Response 2 words to prevent
MIM attack
Silent Phone ( paid service unlimited encrypted voice
& text w/ 2 levels of service to other silent phone users via Silent
Circle server
Wickr ( free, desktop, mobile, no personal information,
send texts, voice, pictures, videos, voice messages & attachments.
Deletes messages from both sender & receiver. Vulnerable to screen
Personal Data Removal
Send out Removal Letters to EVERYONE, every service, every
program, every advertiser, every provider, EVERYONE
Service: Name & address
Website: the website of the service (usually specified)
Removal Link: direct link to remove your data , if available
Privacy Policy: Quote their own detailed instructions
Email address: email of employee of service responsible for
Requirements: copy of Id or written request
Date: date of request
Duration of request: for ever!
Response: response received
Verify: you confirm removal
Social networks
Privacy is not their priority & they lie about using your content
“LIKEs” violate your privacy and trigger all kinds of tracking
Twitter: Use Twit wipe. ( to remove all messages
Google: Delete components first – Google Photos, Google +, YouTube,
Google contacts, then delete Google account
FB: Delete my account (only partially does the job. They keep images)
Instagram: Delete permanent
MySpace: Delete account
Linkedin: Account closure, Delete, and make sure confirmed
Use Exiftool to remove meta-data from all photos.
Delete HP & other photo sharing sites
“Your house” on Google maps – find it, “report a problem,” Cite
Privacy Concerns and request it be “blurred” Other reasons: “Photo
identifies home of police officer targeted by violent criminals,” “Home
schooling,” identifies “physical security vulnerabilities.”
Life Purchases
Plan on Buying a Home, Boat or Vacation Package?
Chance to change the game…
Purchase an official LLC from a registered agent in New Mexico –
Never associated with your real name, but you own the business
Purchase your new house using the LLC as the owner. The LLC
can also purchase vehicles and other property
Never associate your name or real telephone number with the
house you live in. Personal mail should be addressed to a PO Box.
Utilities and services should be in the name of the LLC.
Object: To make the Internet think you are Dead, Homeless or in
Name Disinformation
Address Disinformation
Telephone Disinformation
Name Disinformation
Focus on many different names to be associated with your real
address and real telephone number to make it difficult to identify the
true owner of each.
? Stop all real name associations with magazines, trade publications,
house repair, newspapers, surveys, political mailings
? Make a name that is nowhere close to your own – not even the
starting or ending syllables.
? Use cultural differences to reduce profiling. Become French or
German or take a name that is very common in another culture or
? Never use a name variation of someone you know (even slightly)
Remember Absolutely Everyone is Profiling you for some reason: to sell
you something, to disagree with your religion or politics, to set you up
for something in the future, to scam you, to check you out as a date…
The First Amendment and every State Privacy Law protects you, so lets
gum up the works of the profilers who don’t respect them .. And have a
little fun a long the way….
Address Disinformation
Use Google search to find “new construction” in a town in another
county at least 50 miles from your real address
Look for a cookie cutter brand new neighborhood
Use to locate the highest number visible on a chosen
street. Increase the address by 25 digits
Search on Google to confirm that this address does not exist
Document the new address and use it for disinformation
If advanced checking is in place, then use an emergency shelter or
temporary address
Address Disinformation Continued – GPS Location Spoof / Emulation
Rule: Never use a false number that associates with a real person or
Locate a number that is fun to give out but not an 800 or 900 variety
Kris Kringle: 951-262-3062
Dial-a-Prayer: 214-985-2703
Dial-a-Murder Mystery in TX: 210-408-1120
OR Capture the number of the surveyor, scam artist, trick salesman and
use it back on them
Use a NON-working Number: Choose your AC, say KS at 785, then
785-980-0000 through 785-980-9999 all announce “non-working number”
OR use a constant Busy signal number: ()(-661-0001 through 909-6610090.
I personally like Dial –a-Ghost at 000-000-0000 ?
Privacy & OSINT
Bazzell, M. (2016) Hiding from the Internet: Eliminating Personal Online
Information,3rd ed, ISBN: 978-1522914907
Bazzell, M (2016) Open Source Techniques: Resources for Searching and
Analyzing Online Information, 5th ed. ISBN: 978-1530508907
Bazzell, M & Carroll, J. (The Complete Privacy & Security Desk Reference,
Volume I: Digital, ISBN: 9781522778905
Luna, J.J (2012) How to be Invisible: Protect your Home, Your Children, Your
Assets, and Your Life, Thomas Dunne Books, ISBN:1250010454
Nichols, R. K. (2019) Unmanned Aircraft Systems in Cyber Domain:
Protecting USA Advanced Air Assets, 2nd Ed. Manhattan, KS: NPP Press.
Available as Fee e-book from
Attack Tools
Clark, B. (2013) Red Team Field Manual, ISBN 1494295504
Defense Tools
White, A. & Clark, B. (2017) Blue team Field Manual Version 1.0, ISBN: 9781541016361
Salina, Kansas
Randall K Nichols Professor of Practice, Director
Spring 2020 2018 CYB 6040 Blocks 1 & 2
National Infrastructure
Protection Plan
Partnering to enhance protection and resiliency
Risk in the 21st century results from a complex mix of manmade and naturally occurring threats and hazards, including terrorist attacks, accidents,
natural disasters, and other emergencies. Within this context, our critical
infrastructure and key resources (CIKR) may be directly exposed to the events
themselves or indirectly exposed as a result of the dependencies and interdependencies among CIKR.
Michael Chertoff
Within the CIKR protection mission area, national priorities must include
preventing catastrophic loss of life and managing cascading, disruptive impacts
on the U.S. and global economies across multiple threat scenarios. Achieving
this goal requires a strategy that appropriately balances resiliency—a traditional American strength in adverse times—with focused, risk-informed
prevention, protection, and preparedness activities so that we can manage and
reduce the most serious risks that we face.
These concepts represent the pillars of our National Infrastructure Protection Plan (NIPP) and its 18 supporting Sector-Specific Plans (SSPs). The plans are carried out in practice by an integrated network of
Federal departments and agencies, State and local government agencies, pr…
Purchase answer to see full

Homework On Time
Calculate the Price of your PAPER Now
Pages (550 words)
Approximate price: -

Why Choose Us

Top quality papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional academic writers

We have hired a team of professional writers experienced in academic and business writing. Most of them are native speakers and PhD holders able to take care of any assignment you need help with.

Free revisions

If you feel that we missed something, send the order for a free revision. You will have 10 days to send the order for revision after you receive the final paper. You can either do it on your own after signing in to your personal account or by contacting our support.

On-time delivery

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & confidential

We use several checkers to make sure that all papers you receive are plagiarism-free. Our editors carefully go through all in-text citations. We also promise full confidentiality in all our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.


Essay Writing Service

You are welcome to choose your academic level and the type of your paper. Our academic experts will gladly help you with essays, case studies, research papers and other assignments.


Admission help & business writing

You can be positive that we will be here 24/7 to help you get accepted to the Master’s program at the TOP-universities or help you get a well-paid position.


Editing your paper

Our academic writers and editors will help you submit a well-structured and organized paper just on time. We will ensure that your final paper is of the highest quality and absolutely free of mistakes.


Revising your paper

Our academic writers and editors will help you with unlimited number of revisions in case you need any customization of your academic papers