A federal grand jury has indicted a man from Tracy, Massachusetts for intentionally causing damage to a protected computer after he was accused of remotely deleting critical software from a water treatment facility.
Massachusetts man charged with intentionally remotely sabotaging a Californian water treatment plant.
A federal grand jury has indicted a man from Tracy, Massachusetts for intentionally causing damage to a protected computer after he was accused of remotely deleting critical software from a water treatment facility. The man, Rambler Gallo, was employed as an “Instrumentation and Control Tech'' for a private company responsible for operating the Discovery Bay Water Treatment Plant, located in Discovery Bay California. The indictment was filed on June 27th, and was unsealed on July 6th. HackRead reports that Gallo apparently resigned from the company responsible for servicing the plant, and subsequently uninstalled the critical software on the water plant’s computers. (We note that Mr. Gallo is of course entitled to the presumption of innocence with respect to the allegations.)
The U.S. Attorney explains.
According to a press release from the U.S. Attorney’s office of the Northern District of California, “Prior to the attack on the Discovery Bay Water Treatment facility, Gallo, 53, of Tracy, Calif., was a full-time employee of a private Massachusetts-based company identified in the indictment as Company A. Company A contracted with Discovery Bay to operate the town’s wastewater treatment facility; the facility provides treatment for the water and wastewater systems for the town’s 15,000 residents. During his employment with Company A, from July of 2016 until December of 2020, Gallo was the company’s “Instrumentation and Control Tech,” with responsibility for maintaining the instrumentation and the computer systems used to control the electromechanical processes of the facility in Discovery Bay.” The indictment also charges Gallo with “transmitting a program, information, code, and command to cause damage to a protected computer.” If convicted, Gallo could face up to 10 years in prison and a $250,000 fine. The motives for such an attack (if indeed it was an attack and not human error) are unknown at the time of writing and, according to the press statement, the FBI is investigating the case.
Water treatment plants are historically an easy target for hackers.
HackRead explains that this isn't the first time a water treatment plant has been attacked, “In April 2021, 22-year-old Wyatt Travnichek from Ellsworth County, Kansas, was indicted by the US Department of Justice (DoJ) for hacking and tampering with a public water facility.”
Jay Smilyk, GM of America’s at NanoLock suggests that the U.S. 's water infrastructure is an easy target for hackers writing, “The increased exposure of our water facilities to insider and third-party threats is evident through the latest incidents at the Discovery Bay water treatment facility in California and Oldsmar water treatment facility in Florida. The repercussions of such attacks are far-reaching, encompassing compromised water quality and the potential for poisoning, underscoring the urgent need for heightened security measures.” Smilyk adds, “Regulatory focus is shifting from post-incident response to prevention-based cybersecurity. A recent memorandum by The Environmental Protection Agency (EPA) urges public water systems across the country to bolster their cybersecurity measures by meeting new cybersecurity requirements and making cybersecurity audits a part of regular inspections.”