A federal grand jury indicts a former employee of a contractor who runs a sewage treatment plant in a town in California who may have remotely turned off a critical system, endangering public health and safety. bottom.
Rambler Galler, 53, of Tracy, Calif., had a full-time job at a company in Massachusetts that was commissioned to operate a water treatment plant by the town of Discovery Bay.
Galler is said to have held the role of “Instrumentation and Control Technology” at the plant from July 2016 to December 2020.
But according to the indictment, Galler allegedly implanted software that allowed his personal computer to remotely access systems on the Discovery Bay water treatment plant’s computer network.
Specifically, after resigning in January 2021, Gallo remotely accessed the facility’s computer system and “unlocked the software that protects the entire water treatment system, including water, which is the primary hub of the facility’s computer network.” I sent the command to install.” pressure, filtration, chemical level. “
U.S. Department of Justice press release No explanation was given for Gallo’s actions or possible motives.
However, if this claim is true, the organization’s failure to adequately control who has access to sensitive systems has failed yet again. When staff or contractor members leave the organization or are assigned to another role within the company, it is important to revoke their rights to systems they no longer have access to.
My heart immediately flew back to June 2021. report A malicious hacker used a former employee’s TeamViewer account to gain remote access and break into a water treatment plant that serves the San Francisco Bay.
Disgruntled current or former employees often abuse their access privileges to cause just as much (or more) damage than traditional cybercriminals.
When it comes to critical infrastructure such as water treatment plants, it is especially important to implement appropriate access controls and regularly evaluate them.
In October 2021 the authorities will warned Sewerage systems are regularly targeted by ransomware gangs seeking to disrupt operations and extort money. Perhaps what they need most is to worry about their dishonest ex-employees.
If found guilty, Gallo could face up to 10 years in prison and a fine of US$250,000.
Editor’s Note: The opinions expressed in this guest author article are those of the contributor only and do not necessarily reflect those of Tripwire.
