Former contractor accused of remotely accessing town’s water treatment facility

10 months ago AndyC

A federal grand jury has indicted a former employee of a contractor operating a California town’s wastewater treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety.

Former contractor accused of remotely accessing town's water treatment facility

A federal grand jury has indicted a former employee of a contractor operating a California town’s wastewater treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety.

53-year-old Rambler Gallor of Tracy, California, held a full-time position at a Massachusetts company that was contracted by the town of Discovery Bay to operate its water treatment plant.

Gallor is said to have had an “instrumentation and control tech” role at the plant, which he did from July 2016 to December 2020.

However, according to the indictment, Gallor is alleged to have planted software that allowed him to gain remote access to systems on the computer network of Discovery Bay’s Water Treatment facility from his personal computer.

Specifically, it is alleged that after resigning his position in January 2021. Gallo accessed the facility’s computer system remotely and “transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels.”

A US Department of Justice press release gives no explanations or possible motive for Gallo’s alleged actions.

However, if the claims are true, then it would suggest that once again an organisation has failed to control who has access to sensitive systems properly. When a member of staff or contractor either leaves the organisation or is assigned a different role within the company, it is essential that rights to systems that they should no longer be able to access are revoked.

My mind instantly went back to June 2021, when it was reported that malicious hackers had compromised a water treatment plant serving San Francisco Bay, having used a former employee’s TeamViewer account to gain remote access.

Too often disgruntled current and former employees have been able to exploit their access privileges and cause damage that can be as bad as (or even worse) than that committed by conventional cybercriminals.

It is particularly important that proper access controls are put in place, and regularly evaluated, when it comes to critical infrastructure such as water treatment plants.

In October 2021, authorities warned that wastewater systems are being regularly targeted by ransomware gangs attempting to extort money by interrupting operations. The last thing they probably need is to be worrying about rogue former employees as well.

If convicted, Gallo faces a maximum statutory penalty of 10 years in prison and a fine of US $250,000.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , ,

More Stories

million reward offer for apprehension of unmasked LockBit ransomware leader

$10 million reward offer for apprehension of unmasked LockBit ransomware leader

4 hours ago AndyC
Dell discloses data breach impacting millions of customers

Dell discloses data breach impacting millions of customers

10 hours ago AndyC
FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems

FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems

10 hours ago AndyC

How Criminals Are Using Generative AI

10 hours ago AndyC
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

16 hours ago AndyC
Zscaler is investigating data breach claims

Zscaler is investigating data breach claims

16 hours ago AndyC

You may have missed

Rapid7 unveils patented ransomware prevention technology

Rapid7 unveils patented ransomware prevention technology

54 mins ago AndyC
Exclusive: How AvePoint is tackling complex data management

Exclusive: How AvePoint is tackling complex data management

4 hours ago AndyC
Cloudflare launches comprehensive suite for cyber risk management

Cloudflare launches comprehensive suite for cyber risk management

4 hours ago AndyC
ManageEngine integrates Log 360 with Constella for dark web monitoring

ManageEngine integrates Log 360 with Constella for dark web monitoring

4 hours ago AndyC
<div>CrowdStrike & NinjaOne unite for comprehensive cyber defence</div>

CrowdStrike & NinjaOne unite for comprehensive cyber defence

4 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.