A federal jury has indicted a former employee of a contractor operating a wastewater treatment facility in a California city, alleging that he remotely shut down critical systems and could have endangered public health and safety.
Rambler Gallor, 53, of Tracy, Calif., held a full-time position with a Massachusetts company contracted by the town of Discovery Bay to operate its water treatment facility.
Gallor is said to have held the position of “instrumentation and control tech” at the plant, which he held from July 2016 to December 2020.
However, according to the indictment, it is alleged that Glor planted software that allowed him to remotely access systems on the computer network of the Discovery Bay water treatment facility from his personal computer.
Specifically, it is alleged that after he resigned from his position in January 2021, Gallo remotely accessed the facility’s computer system and “transmitted a command to remove software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including pressurized water, filtration and chemical levels.”
US Department of Justice News for the media does not provide explanations or a possible motive for Gallo’s alleged actions.
However, if the allegations are true, then it suggests that once again an organization has failed to properly control who has access to sensitive systems. When a team member or contractor leaves the organization or is assigned another position in the company, it is essential that the rights to systems that should no longer be able to be accessed are revoked.
My mind immediately went back to June 2021, so that was it report Malicious hackers breached a water treatment plant serving San Francisco Bay after using a former employee’s TeamViewer account to gain remote access.
All too often disgruntled current and former employees have been able to exploit their access privileges and cause damage that can be as bad (or even worse) than that done by regular cybercriminals.
It is especially important that adequate access controls are in place, and checked regularly, when it comes to critical infrastructure such as water treatment facilities.
In October 2021, the authorities warned that sewage systems are regularly targeted by ransomware gangs that try to extort money by disrupting operations. The last thing they probably need is to worry about wayward ex-employees as well.
If convicted, Gallo faces a maximum statutory penalty of 10 years in prison and a $250,000 fine.
Editor’s Note: The views expressed in this author’s article are solely those of the contributor, and do not necessarily reflect those of Tripwire.
