This browser does not support the Video element.
Contractor remotely accessed computer: OIG report
A former Washington Metropolitan Area Transit Authority contractor remotely accessed his computer in Russia to log into WMATA systems containing critical and sensitive data, according to a report by the Office of the Inspector General.
WASHINGTON - A former Washington Metropolitan Area Transit Authority contractor remotely accessed his computer in Russia to log into WMATA systems containing critical and sensitive data, according to a report by the Office of the Inspector General.
The report says the OIG's cyber investigation began after they were alerted by WMATA's cyber security group in early January.
According to the report, WMATA investigators said they had detected abnormal network activity originating in Russia and found that the credentials of a contractor who was no longer working for them had been used to access a sensitive transit system directory.
Investigators confirmed that the contract had expired, and the former contractor did not work for WMATA at the time of this incident. The report also says that the former contractor's supervisor had allowed him to retain his high-level administrative access to the systems and networks, hoping the contract would be renewed.
The Office of the Inspector General said that the former contractor's initial version of events were not truthful, and that the computer in Russia was turned on remotely at the direction of the former contractor.
WMATA had hired the contractor through a U.S. based company to work on sensitive WMATA applications and systems including the transit agency's SmarTrip application used by customers to pay for fares at Metrorail stations.
The report says the Office of the Inspector General also requested from WMATA a list of contractors supporting the transit agency from outside the United States. The OIG said they were told the information requested was not tracked by WMATA.
"These matters, in the aggregate, are a cause for grave concern that WMATA's data, networks, and assets are at unacceptable risk of malicious penetration and compromise," said Metro General Manager and CEO Randy Clarke in the report.
Clarke also said that "the IT department has made measurable improvements in its cybersecurity program."