A federal grand jury indicts a former employee of a contractor who runs a sewage treatment plant in a town in California who may have remotely turned off a critical system, endangering public health and safety. bottom.

Rambler Galler, 53, of Tracy, Calif., had a full-time job at a company in Massachusetts that was commissioned to operate a water treatment plant by the town of Discovery Bay.

Galler is said to have held the role of “Instrumentation and Control Technology” at the plant from July 2016 to December 2020.

But according to the indictment, Galler allegedly implanted software that allowed his personal computer to remotely access systems on the Discovery Bay water treatment plant’s computer network.

Specifically, after resigning in January 2021, Gallo remotely accessed the facility’s computer system and “unlocked the software that protects the entire water treatment system, including water, which is the primary hub of the facility’s computer network.” I sent the command to install.” pressure, filtration, chemical level. “

U.S. Department of Justice press release No explanation was given for Gallo’s actions or possible motives.

However, if this claim is true, the organization’s failure to adequately control who has access to sensitive systems has failed yet again. When staff or contractor members leave the organization or are assigned to another role within the company, it is important to revoke their rights to systems they no longer have access to.

My heart immediately flew back to June 2021. report A malicious hacker used a former employee’s TeamViewer account to gain remote access and break into a water treatment plant that serves the San Francisco Bay.

Disgruntled current or former employees often abuse their access privileges to cause just as much (or more) damage than traditional cybercriminals.

When it comes to critical infrastructure such as water treatment plants, it is especially important to implement appropriate access controls and regularly evaluate them.

In October 2021 the authorities will warned Sewerage systems are regularly targeted by ransomware gangs seeking to disrupt operations and extort money. Perhaps what they need most is to worry about their dishonest ex-employees.

If found guilty, Gallo could face up to 10 years in prison and a fine of US$250,000.


Editor’s Note: The opinions expressed in this guest author article are those of the contributor only and do not necessarily reflect those of Tripwire.

cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ยฉ๏ธ All rights reserved. | Blue Training Academy Blog