So, there's this practice in IT security of giving your users least privilege. Nicole Beckwith - Mind Hacks - Psychological profiling, and mental health in OSINT investigations (conINT, Oct 19, 2020). I'm going to discuss the. JACK: There wasn't just one other active user, either; there were a few other people logged into this domain controller as admin right now. One time when I was at work, a router suddenly crashed. Recently Nicole developed two cybersecurity training programs, teaching more than 1600 officers how to respond to cybercrime and over 4400 government employees on information security best practices. She worked as a financial fraud Investigator and digital forensic examiner for the State of Ohio and a Task Force Officer for the United States Secret Service in their Financial and Electronic Crimes division. The city council member? [MUSIC] If she kicked out the hacker, that might cause her tools to miss the information she needs to prove what's going on. JACK: It's funny though because you're calling for backup to go to the police department. But they didn't track this down any further. Let's triage this. Having a system running Remote Desktop right on the internet just attracts a ton of people to try to abuse the system. Take down remote access from this server. So, these cases that started out at her police department would sometimes get handed over to one of these other federal units. Together Together. In this case, backup just for the forensics, but in some cases I am asking for backup for physical security as well. The investigators were able to see whoever hacked into the mayor's computer was coming from somewhere in Europe. He checks with them and says nope, nobody is logged into our servers right now, either. [MUSIC] So, I made the request; they just basically said sure, whatever.
I have a link to her Twitter account in the show notes and you should totally follow her. So, armed with this information, obviously I have to make my leadership aware. Once she has this raw dump of everything on her USB drive, she'll switch the USB drive over to her computer to begin analyzing everything. [MUSIC] He looked at the environmental data before the crash. Nicole has dedicated her life to fighting online threats and combating cybercrime. They ended up firing the security vendor that they were using. Yeah, so, admin credentials to this server, to RDP in, and then they're checking their e-mail. She is an international speaker recognized in the field of information security, policy, and cybercrime. Nicole Beckwith is a Sr. Cyber Intelligence Analyst for GE Aviation where she and the intelligence team research and mitigate new and existing cyber threats to keep the company and its employees safe. How much time passes? Sometimes, like you mentioned, most folks forget that you might be at an incident for quite some time, so I always had non-perishable food items ready. NICOLE: [MUSIC] I got, oh gosh, a whole host of different training. In this episode, Jack Rhysider interviews Nicole Beckwith, a former state police officer and US marshal, who at the time is a digital forensic examiner for The State of Ohio. He could sabotage users like change their passwords or delete records. NICOLE: So, the Secret Service kept seeing my name in all these reports. But it was around this time when Nicole moved on to another case and someone else took over that investigation.
I'm also working to make sure that there is a systems administrator there to give me access to the servers, log-in details, making sure I have access to the room to even get to the server. It's also going to show what processes are running, what apps are open, the names of all the files on the systems, the registry, network connections, users logged in, and system logs. Confusion comes into play there. It wasn't the best restore, but it allowed people to get up and working fairly quickly. As such, like I said, I was called out to respond to cyber incidents. JACK: She worked a lot with the Secret Service investigating different cyber-crimes. The internet was down for that office and my teammate jumped on the problem to try to figure out what was going on. JACK: Well, that's something for her at least to look at. Writer and director of the new film 'Together Together' Nikole Beckwith spoke to Decider about the film's ending, its wonderful stars, and her advice to aspiring female filmmakers. https://twitter.com/NicoleBeckwith Sponsors Support for this show comes from IT Pro TV. They ended up choosing a new virus protection software. A whole host of things are running through my head at this point.
We see there's a local IP address that's on the network at this time. [MUSIC] I said wait, isn't that what happened the first time you guys were hit? But then we had to explain like, look, we got permission from the mayor. She asked the IT guy, are you also logged into this server? I am a cyber security professional who wants to help the local high school Cyber Academy students learn to develop and hack with hands on tools. Ms. Beckwith works as an Advanced Security Engineer for the Kroger Technology Automation and Tools team. So, in my opinion, it meant that we'll never know what caused this router to crash. I always had bottles of water and granola bars or energy bars, change of clothes, bath wipes, deodorant, other hygiene items, all of those things, of course. Nicole Beckwith of the Ohio Auditor's Office helped investigate Jillian Sticka, the Xenia woman convicted of cyberstalking three people, including me. She worked as a financial fraud Investigator and digital forensic examiner for the State of Ohio and a Task Force Officer for the United States Secret Service in their Financial and Electronic Crimes division as an incident responder and digital forensic examiner. JACK: It's clear to her that she needs to kick the admins out immediately, but another thought comes into her head. We would love the assistance. Not a huge city, but big enough that you a ransomware incident would take them down. This is Darknet Diaries. JACK: How did they respond to you? While all that's going on, she's poking around in the server, looking for anything out of the ordinary, and she finds something. Marshal. So, she grabs this thing and jumps in her car, and starts driving to the police department.
Then on top of that, for forensics, I would also include my WiebeTech Ditto machine for imaging. Cybercrime Radio: Nicole Beckwith on Cybersecurity and Mental Health. Yet Ms. Neuberger, who held several key posts at the National Security Agency, noted that although the . Marshal. They were just learning now that all this happened, that the printers went down, that there were unauthorized admins accessing the network, and that the Secret Service is there onsite doing an investigation. Its purpose is to aid journalists, conference organizers, and others in identifying and connecting with expert sources beyond those in their existing Rolodexes. For instance, with domain admin access, the mayor could easily read anyone's e-mail, not just his. We just check whatever e-mail we want. So, having that in the back of my head, of course you're wondering why is this person logged in and then, he does have motive to be upset with the police department. Support for this show comes from Exabeam. Nikole Beckwith is a writer and director, known for Together Together (2021), Stockholm, Pennsylvania (2015) and Impulse (2018). In this role she is responsible for the planning, design and build of security architectures to ensure a strong security posture, compliance with regulations, and safeguard customer's data. Because of the fact that we weren't sure what the intrusion vector was at that point, like how they initially got in, I'm also changing the password of the supposed admin, the person who's supposed to have access.
https://www.secjuice.com/unusual-journeys-nicole-beckwith/, Talk from Nicole: Mind Hacks Psychological profiling, and mental health in OSINT investigations. Obviously it's both good and bad, right? My Name is Nicole Beckwith and I have made a living around OSINT. So, she was happy that they finally turned off public access to this computer, and left. The brains of the network was accessible from anywhere in the world without a VPN. It would have been hit again if it wasn't for Nicole's quick reactions. For a police department to be shut off from that system, which they were denied access to that, they had to use another agency to pull data. There was credentials stolen. JACK: So, Secret Service; that's who protects the president, right? When I'm initially responding, I'm looking at the server, getting the log-in information from the lieutenant. [00:40:00] We go meet with the mayor, and I start the conversation. She worked as a fraud investigator and digital forensic examiner for the State of Ohio and a Task Force Officer for the United States Secret Service in their Financial and Electronic Crimes division. I immediately start dumping the memory, so Volatility is one of my hands-down favorite tools to use. So, they give me a list and there are actually several people on this list, the mayor being one of them, and all of the city council, a secretary. NICOLE: I have a conversation with the security vendor and say look, can you give me a list of all of the admins that have access to this computer? It took down the patrol vehicles, it took down the entire police department, and I'm told also some of the city laptops because they ended up being connected in a few different places. Could they see the initial access point? Marshal. The network was not set up right. A roller coaster of emotions are going through my head when I'm seeing who it's tied back to.
JACK: At this point, she knows for sure whoever is logged into this server should not be there. We really need to talk to you about this because it's coming back to you. I also had two triage laptops, so, both a Mac and a PC. Nothing unusual, except the meeting is taking place in a living room, not an . NICOLE: Yeah, I was probably logging in to check my mail, my e-mail. So, social security numbers and birthdates, and driver's license, and sensitive information about cases as well as a whole host of other things that a police department has overseen, right? In this episode she tells a story which involves all of these roles. If the wrong bit flips, it could cause the device to malfunction and crash. I reiterate; okay, you're logging in from your house to the police department's domain server to check your e-mail? JACK: Something happened months earlier which meant their backups weren't actually working. They were like yeah, we keep seeing your name pop up on these cases and we'd really like to talk to you. Who is we all? Your help is needed now, so let's get to work now. Nicole recently worked as a Staff Cyber Intelligence Analyst for GE Aviation tracking and researching APT and cybercrime groups and conducting OSINT investigations for stakeholders. Editing help this episode by the decompiled Damienne. JACK: Whoa, it's crazy to think that this IT company had to have the Secret Service explain the dangers of why this is a problem. So, I'm changing his password as well because I don't know if that's how they initially got in. Are there any suspicious programs running?
She's a programmer, incident responder, but also a cop and a task force officer with the Secret Service. One day, a ransomware attack is organized at a police station in America. So, Nicole packs up and leaves the mayor's office with more questions now than before she arrived. She also volunteers as the Director of Diversity and Inclusion for the Lakota High School Cyber Academy. They're like, nobody should be logged in except for you. Sometimes you never get a good answer. Maybe a suspect or there's a case or they got pulled over. A few minutes later, the router was back up and online and was working fine all on its own. Thank you. JACK: What she realized was this police station's domain controller was accessible from the internet over Remote Desktop. It's hard to narrow down all the packets to find just what you need. Yeah, well, that might have been true even in this case. They shouldn't be logging in from home as admin just to check their e-mail. Am I gonna see multiple accounts logging in? JACK: Now, at this point, Nicole is doing more mental gymnastics to try to figure out how and why. [MUSIC] Like, all the computers in the police department were no longer functioning. JACK: Apparently what him and others were doing were logging into this server through Remote Desktop and then using this computer to log into their webmail to check e-mail? Is there anyone else who manages these computers?
JACK: She swivels around in her chair, moving the USB stick from the domain controller to her laptop to start analyzing it, then swivels back to the domain controller to look for more stuff. She studied and learned how to be a programmer, among other things. The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast. People can make mistakes, too. Nicole Beckwith wears a lot of hats. We're just like alright, thank you for your time. I can see why they're upset but professionally, there's no time for that. When she looked at that, the IP was in the exact same town as where this police department was. Sometimes, a movie feels like it's on the verge of something. Beckwith Electric advanced protection and control IEDs have incorporated state of the art cyber security features to prevent malicious attacks and comply with present as well as the upcoming NERC CIP requirements. A few days later, the manufacturer told us they analyzed the core dumps and said the reason for the crash was spurious emissions from space. Yeah, whenever we're working from home or we're remote, we just and we're not in front of our computer, we just log into the server and check our e-mail. When can you be here? These training courses are could vary from one week to five weeks in length. So, yeah, so you go into the back, you're on the phone with the local IT admin, you're trying to figure out what's going on. Looking through the logs and data she collected, she looks at the IP address of the user, which is sort of a digital address. So, a week later, what happens? My teammate wanted to know, so he began a forensic analysis. So, I didn't know how much time I had before what I assumed was going to be ransomware was likely deployed again.
Formally trained by the United States Secret Service at the National Computer Forensics Institute in digital forensics, network investigations, network intrusion response and virtual currency investigations. When I'm probing them for a little bit more details like hey, do you know what happened? The mayor of the city is who hacked into the computer and planted malware on it and was about to detonate it to take the police department's network down again? NICOLE: So, a week later, I'm actually I just happened to be on the phone with the lieutenant on an unrelated matter. He said yeah, actually, this is exactly what happened that morning. JACK: [MUSIC] [00:05:00] A task force officer for the Secret Service? She is also Ohio's first certified female police sniper. But she kept asking them to send her data on the previous incident. She looks at her boss who's also in the room and then back to the mayor, and asks him another question. Yes, they outsource some of the computer management to another company. Nicole is an international keynote speaker recognized in the fields of information security, policy, OSINT and cybercrime. Nicole has since moved on from working with the Secret Service and is currently a security engineer where she plans, designs, and builds network security architectures. For whatever reason, someone decided that it was too much of a risk to have the webmail server exposed to the internet for people to log into, but thought it was perfectly fine to have the domain controller exposed to the internet for people to log into instead?
Then one day, about seven years into doing digital forensics work, she saw some news that a police station in her jurisdiction was hit with ransomware. Nikole Beckwith is a self-taught filmmaker with a background in theater, who made her feature film debut with Stockholm, Pennsylvania, which she directed from her own Black List recognized script. But she did follow up to see what happened. NICOLE: Yeah, so, for somebody that has complete admin access as a couple of these folks did, they potentially have access to everything that's on this server. (OUTRO): [OUTRO MUSIC] A big thank you to Nicole Beckwith for sharing this story with us. In that role, she curates Priority Intelligence Requirements (PIRs) with key stakeholders in the Aviation Cybersecurity & Technology Risk organization. In the meantime, she fires up Wireshark which is a packet-capture tool. But this takes a while; a few days, maybe weeks. Together Together, writer/director Nikole Beckwith's second film, fills a space you may not have realized was missing in pop culture. Marshal. But she had all her listeners open and ready in case something did happen. The server's kinda sitting not in the middle of the room but kinda away from the wall, so just picture wires and stuff all over the place. So, as soon as you kick that person out of the system, you breathe a very faint sigh of relief, right, cause you still don't you have a lot of unknowns, but at least you know that one big threat is eliminated for the moment. Her training took her to another level, but then the experience of doing digital forensics gave her more insight and wisdom. Like, it's set up for every person?
Also a pen and ink artist, Beckwith's comics have been featured on NPR, WNYC, the Huffington Post and the Hairpin, among others. And use promo code DARKNET. In that time, she starts thinking about why someone locally in this town might want to hack into the police department's computers. E056: Holiday Traditions w/Nicole Beckwith. NICOLE: Again, immediately it's obviously you shut that down. Ms. Beckwith is a former state police officer, and federally sworn U.S. So, there's a whole host of people that have access to this server. But from my point of view, they completely failed the police department on that first incident. So, a toaster is a hard drive or a SATA dock that you can plug a hard drive into and do imaging or whatever. What's in your go-bag, though? NICOLE: [MUSIC] So, when I see the address and the person that is connected to this search warrant, I'm a little bit baffled. NICOLE: So, after this conversation with the security contractor, I go back and do an analysis. It is built on the principle that technology policy stands to benefit from the inclusion of the ideas, perspectives, and recommendations of a broader array of people. But this, this is a bad design. She checks the status of her Volatility tool, and it's almost done collecting what she needs. So, you have to have all those bases covered, so, I'm making a lot of phone calls. From there, the attacker logged into the police station, and that's how the police station got infected with ransomware the first time and almost a second time. "What a tremendous conference!
This case was a little different because of the ransomware in the past and knowing that as soon as they lost their printers, it was within an hour that the ransomware was deployed. I'm very direct typically, especially when I'm doing an interview or an interrogation. So, they said that's awesome. You've got to sit there waiting for all the memory to be copied over to the USB drive, but it's more than just whatever memory is active in RAM. NICOLE: Yeah, so, they did a lot. NICOLE: As I'm analyzing all of the data that I collected and the evidence, I ended up seeing that there was an external IP address that had been logged in at that time. NICOLE: I wanted to make contact at that point. So, we end up setting up a meeting with the mayor. You're basically looking at a beach full of sand and trying to figure out that one grain of sand that shouldn't be there. Even in incident response you have to worry about your physical security. It actually was just across the street from my office at the state. She gets up and starts asking around the station. I'm also calling a secondary agent and backup for me. It happened to be the same exact day, so Friday to Friday. It was not showing high CPU or out of memory. Doing reconnaissance on this case and looking at some of the past cases and just knowing the city and wondering who could potentially have an issue with the police department, I did run across some information that suggested that the mayor of the city may have taken an issue with the police department because he was actually previously, prior to becoming mayor, arrested by this police department. But Nicole still had this mystery; who the hell logged into the police station from the mayor's home?
I'm pulling reports, dumping that to a USB drive. They just had to re-enter in all that stuff from the last ten months back into the systems again. Sharing Her Expertise. "I believe in the possibility of the existence of anything I can't prove doesn't exist." Miranda. National Collegiate Cyber Defense Competition #ccdc. NICOLE: Correct, yeah. The attacker put a keystroke logger on the computer and watched what the mayor did. JACK: [MUSIC] Another system admin was logged into this server at the same time she was. The mayor? Sourcelist is a database of qualified experts in technology policy from diverse backgrounds. When the security odds are stacked against you, outsmart them from the start with Exabeam.