But on the way, she starts making tons of phone calls. First the printers fail, then a few hours later all the computers NICOLE: So, at this point, I'm running scenarios in my head as to why in the world a mayor would be connected to this server. I'm just walking through and I'm like yeah, so, you know, we did the search warrant. She's a programmer, incident responder, but also a cop and a task force officer with the Secret Service. When I'm probing them for a little bit more details like hey, do you know what happened? So, as soon as you kick that person out of the system, you breathe a very faint sigh of relief, right, 'cause you still don't, you have a lot of unknowns, but at least you know that one big threat is eliminated for the moment. My name is Nicole Beckwith and I have made a living around OSINT. Talk from Nicole: Who's guarding the gateway. What the heck is that? Keynote: Nicole Beckwith, Advanced Security Engineer, Kroger. https://twitter.com/NicoleBeckwith Sponsors: Support for this show comes from IT Pro TV. Nicole will walk us through examples of OSINT being used for evidence collection, understanding the "why" behind a crime and so much more. Nicole on Twitter: @NicoleBeckwith. NICOLE: So, for this story I'm gonna tell, I was in my role as a task force officer for the Secret Service. In this case, the police department was hit with ransomware because this system was accessible from the internet which caused ten months of lost work. So, we end up setting up a meeting with the mayor.
So, they give me a list and there are actually several people on this list, the mayor being one of them, and all of the city council, a secretary. A few minutes later, the router was back up and online and was working fine all on its own. She's collecting data and analyzing it, but she knows she needs more data. Yeah, it was a lot of fun. JACK: Now, while she was serving as a police officer, she would see cases where hacking or digital harassment was involved. The latest backup they had was from ten months ago. She checks the status of her Volatility tool, and it's almost done collecting what she needs. I just think vendors that require this are dumb because the consequences of having your domain controller hacked is far greater than your app going down. In this role she is responsible for the planning, design and build of security architectures to ensure a strong security posture, compliance with regulations, and safeguard customer's data. Now, what really was fortunate for her was that she got there early enough and set up quickly enough that no ransomware had been activated yet. The mayor? I'm thinking, okay. But I've personally tried to convince people to turn this off before myself, and what I've been told is it's required because certain tools and systems need it to be open for things to work, and you'll break things if you turn it off. But this was a process over time. We're just like alright, thank you for your time. They changed and updated all the passwords. It was very intensive sunup to sundown. It's crazy because even as a seasoned incident responder like Nicole, it can still affect you emotionally.
The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast. JACK: [MUSIC] She tries to figure out more about who was logged in as an admin at the same time as her. Currently, it's only available for Patreon users, but I am in the process of getting bonus content over to Apple Podcasts for paying subscribers there, too. Can I please come help you? Obviously, that's not enough as we all know in this field, so you have to keep learning. JACK: What's more is that some of these people are sharing their admin log-ins with others. JACK: It's clear to her that she needs to kick the admins out immediately, but another thought comes into her head. A local person did this? She worked as a financial fraud Investigator and digital forensic examiner for the State of Ohio and a Task Force Officer for the United States Secret Service in their Financial and Electronic Crimes division. Nicole has since moved on from working with the Secret Service and is currently a security engineer where she plans, designs, and builds network security architectures. I'm very direct typically, especially when I'm doing an interview or an interrogation. You're running through a lot of things. A) They're with you or with the city, or anybody you know. Then of course gloves after a really bad scare once where I thought I had gotten into something nasty on a computer. The internet was down for that office and my teammate jumped on the problem to try to figure out what was going on.
So, I'm changing his password as well because I don't know if that's how they initially got in. It's hard to narrow down all the packets to find just what you need. Something about legacy equipment, too. 'Cause then I'm really starting to get concerned, right? JACK: But they're still upset on how this [00:30:00] incident is being handled. Ms. Beckwith is a former state police officer, and federally sworn U.S. Am I gonna see multiple accounts logging in? Published June 3, 2021 Updated Sept. 7, 2021. He's saying no, he should be the only one with access to this server. This system should not be accessible from the internet. JACK: This threw a monkey wrench in all of her hunches and theories. Don't touch a thing. That's what caused this router to crash. We really need to talk to you about this because it's coming back to you. The mayor of the city is who hacked into the computer and planted malware on it and was about to detonate it to take the police department's network down again? Get 65 hours of free training by visiting ITPro.tv/darknet. Nicole Beckwith wears a lot of hats. JACK: Something happened months earlier which meant their backups weren't actually working.
Picture Lara Croft with cyber stuff, yeah. He's like oh, can you give me an update? Not only that, but to have them log in as admins, which means they have full permission to change anything they want or do whatever they want in the network? There's a whole lot of things that they have access to when you're an admin on a police department server. People can make mistakes, too. [MUSIC] He looked at the environmental data before the crash. There was somebody in the mayor's computer that ended up gaining access to the server through the mayor's home computer. He paused and he said oh, crap, our printers are down again. Turns out, it actually housed a couple other applications for the city, but at least everything for the police department. I'm talking to the agent in charge, I'm talking to my bosses and just letting them know hey, this is what I'm seeing. Well, since this was a small agency, the IT team was just one person. The brains of the network was accessible from anywhere in the world without a VPN. (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. NICOLE: Yeah, so, they did a lot. They were like yeah, we keep seeing your name pop up on these cases and we'd really like to talk to you. JACK: She swivels around in her chair, moving the USB stick from the domain controller to her laptop to start analyzing it, then swivels back to the domain controller to look for more stuff.
She volunteers her time as a reserve police officer helping to augment the detective section, primarily working on missing persons, wanted fugitives, and digital forensic cases. JACK: So, what law enforcement can do is issue a search warrant to the ISP to figure out what user was assigned that public IP at the time. My understanding is they're, that's a process because it costs so much money and obviously it's a government agency; budgets only allow for certain things at certain times. You always want to have a second person with you for a number of reasons, but. It didn't take the entire city down, but at least the entire police department. It was not showing high CPU or out of memory. You know what? In this episode she tells a story which involves all of these roles. So, there's this practice in IT security of giving your users least privilege. These were cases that interested her the most. I am a cyber security professional who wants to help the local high school Cyber Academy students learn to develop and hack with hands-on tools. I tried good cop, bad cop; I'm not a very scary person, so that doesn't work very well unless I'm the good cop. JACK: [MUSIC] So, on your way to meet with the mayor, how are you going, I mean, you've got a different couple ways of doing this. The server's kinda sitting not in the middle of the room but kinda away from the wall, so just picture wires and stuff all over the place. JACK: Because her tools are still trying to finish their snapshots.
From there, the attacker logged into the police station, and that's how the police station got infected with ransomware the first time and almost a second time. JACK: Whoa. Next, he grabbed core dumps, memory snapshots of what was present at the time of the crash, and he sent that to the manufacturer of the router to see if they could figure it out. Nicole Beckwith, Staff Cyber Intel Analyst, GE Aviation. Recently Nicole developed two cybersecurity training programs, teaching more than 1600 officers how to respond to cybercrime and over 4400 government employees on information security best practices. They shouldn't be logging in from home as admin just to check their e-mail. It actually was just across the street from my office at the state. It's just silly. JACK: She finds the server but then starts asking more questions. [00:10:00] Did somebody click on a phishing e-mail? On top of that, she's traced this hacker to come from a person who's local to the city where this police department was, and issued a search warrant with the ISP to figure out exactly who was assigned that IP. https://www.secjuice.com/unusual-journeys-nicole-beckwith/ Talk from Nicole: Mind Hacks, Psychological profiling, and mental health in OSINT investigations. Having a system running Remote Desktop right on the internet just attracts a ton of people to try to abuse the system. In the meantime, she fires up Wireshark which is a packet-capture tool. So, she grabs this thing and jumps in her car, and starts driving to the police department. I immediately start dumping the memory, so Volatility is one of my hands-down favorite tools to use.
She worked as a fraud investigator and digital forensic examiner for the State of Ohio and a Task Force Officer for the United States Secret Service in their Financial and Electronic Crimes division. For instance, with domain admin access, the mayor could easily read anyone's e-mail, not just his. NICOLE: As I'm analyzing all of the data that I collected and the evidence, I ended up seeing that there was an external IP address that had been logged in at that time. Obviously in police work, you never want to do that, right? He says no way; it couldn't have been me because I was at work in the mayor's office at the time. I'm, again, completely floored at this point, not quite understanding what just came out of his mouth, right? I started out with the basics, so you go through basic digital forensics, dead-box forensics, and then they work up to network investigations and then network intrusions and virtual currency investigations. Now that I had what I needed, I didn't want the IT contractor to immediately start restoring from backup or doing something that would just ruin my evidence. Like, it's set up for every person? So, it's a slow process to do all this.
That would just cost more time and money and probably wouldn't result in anything. My teammate wanted to know, so he began a forensic analysis. "FutureCon brought in a great selection of speakers, attendees and vendors, which made networking easy and fun," said Beckwith. Recently Investigator Beckwith developed two cybersecurity training programs, teaching more than 1600 officers how to respond to cybercrime and over 4400 government employees on information security best practices. It takes a long time, but it's better to capture it now, because nothing else will, and it's good to have something to go back to and look at just in case. But she kept asking them to send her data on the previous incident. Let's triage this. NICOLE: So, during the conversation when I'm asking if they need assistance, they're explaining to me that IT has it. But depending on how big these snapshots are, each of these questions can take a while to get answers to. NICOLE: My background is in computers and computer programming. But I'm just getting into the main production server, what I thought was just a server for the police department. He checks with them and says nope, nobody is logged into our servers right now, either. It was like drinking from a fire hose. For whatever reason, someone decided that it was too much of a risk to have the webmail server exposed to the internet for people to log into, but thought it was perfectly fine to have the domain controller exposed to the internet for people to log into instead?
JACK: Stay with us because after the break, things don't go as planned. [MUSIC] If she kicked out the hacker, that might cause her tools to miss the information she needs to prove what's going on. I always had bottles of water and granola bars or energy bars, change of clothes, bath wipes, deodorant, other hygiene items, all of those things, of course. Obviously they connected from a public IP, and she had that, but then from there she did a geo-IP lookup to see where this IP address may be located physically in the world. Do you have separate e-mail address, password? (OUTRO): [OUTRO MUSIC] A big thank you to Nicole Beckwith for sharing this story with us. Looking through the logs and data she collected, she looks at the IP address of the user, which is sort of a digital address. Maybe she's just way overthinking this whole thing and she'll get there and it's just a false alarm. NICOLE: Because your heart sinks when you see that. Click, revoking access. It wasn't nice and I don't have to do that very often, but I stood in front of his computer until he locked it down. Yes, they outsource some of the computer management to another company. So, Step One is she's gotta get into that domain controller which is like the central brain of the network, and take a snapshot of the memory which is what's in RAM, because whatever data is in memory is what's being ran right now, and it changes moment to moment. NICOLE: So, I'm asking the police chief, I'm asking the police lieutenant, who else has access to this? Nicole has dedicated her life to fighting online threats and combating cybercrime.
[MUSIC] He's like oh no, we all have the admin credentials; they're all the same. So, I'm resetting that. I do want to do a quick disclaimer of what I discuss in this episode is either publicly available information or I received prior approval to discuss this, so, I do want to get that out there. This router crashed and rebooted, but why? What system do you try to get into first? NICOLE: So, the Secret Service kept seeing my name in all these reports. So, I'm already aware of this agency because it's in my jurisdiction, so we had reached out when they were hit to offer any assistance. JACK: It's funny though because you're calling for backup to go to the police department. They ended up firing the security vendor that they were using. Yeah, so, admin credentials to this server, to RDP in, and then they're checking their e-mail. How did it break? Is it the secretary that just logged in? We see there's a local IP address that's on the network at this time. JACK: Apparently what him and others were doing were logging into this server through Remote Desktop and then using this computer to log into their webmail to check e-mail? Nicole Beckwith, a top cybersecurity expert, says it doesn't have to be this way.
NICOLE: After I run all of the quick stuff with Volatility, I'm analyzing that really quickly to see what accounts are active, who's logged in, are there any accounts that are rogue? That was their chance to shine, and they missed it. This is a law enforcement investigation at this point. The investigators were able to see whoever hacked into the mayor's computer was coming from somewhere in Europe. It took down the patrol vehicles, it took down the entire police department, and I'm told also some of the city laptops because they ended up being connected in a few different places. I also had two triage laptops, so, both a Mac and a PC. There's only one access. Well, they asked the mayor if they could investigate his home PC and he said yes. In that role, she curates Priority Intelligence Requirements (PIRs) with key stakeholders in the Aviation Cybersecurity & Technology Risk organization. NICOLE: So, a week later, I'm actually, I just happened to be on the phone with the lieutenant on an unrelated matter. You successfully log-in. We try to keep people curious about exploring web applications for bits of information or trying out new techniques. She is also Ohio's first certified female police sniper. You kinda get that adrenaline pumping and you [00:25:00] see that this isn't a false positive, 'cause going over there I'm wondering, right, like, okay, so their printers went down; is this another ransomware, potential ransomware incident? I'm like okay, stop everything. I reiterate; okay, you're logging in from your house to the police department's domain server to check your e-mail? NICOLE: So, after this conversation with the security contractor, I go back and do an analysis.