Man Charged With Remote Attack on Water Plant

A man has been charged with intentionally attempting to sabotage the IT infrastructure running a Californian town’s water treatment facility.

Rambler Gallo, 53, of Tracy, California, worked for a Massachusetts-based company contracted to operate the water plant at Discovery Bay, around 60 miles from San Francisco.

He worked from 2016 to 2020 as the company’s instrumentation and control technician, which meant he was responsible for the computer systems used to control the processes of the plant, serving some 15,000 residents.

However, on resigning in January 2021, Gallo remotely accessed the facility’s computer system via software he’d previously installed on his PC while working at his former employer, according to the Justice Department (DoJ).

He then sent a command to uninstall critical software used to manage the water plant’s computer network, which the DoJ claimed protected the entire water treatment system, including water pressure, filtration and chemical levels.

It’s unclear why he did so, or what the outcome of his actions was, although a grudge against his former employer would be a good bet.

However, Gallo has now been charged with one count of transmitting a program, information, code and command to cause damage to a protected computer. If convicted, he faces a maximum of 10 years behind bars and a fine of $250,000.

The case calls to mind a similar incident in 2016 in which threat actors took advantage of outdated operational technology (OT) systems and poor internal security to access 2.5 million financial records and attempt to alter the water supply.

A more recent incident in the Florida city of Oldsmar in 2021 was originally reported as another remote attack by an individual who tried to increase the amount of sodium hydroxide (lye) in the water almost 100-fold. However, it subsequently emerged that this was simply down to employee error.