If convicted, Rambler Gallo faces up to 10 years in prison and a fine of $250,000.
Rambler Gallo, a 53-year-old resident of Tracy, California, has been formally indicted by a federal grand jury in the Northern District of California for allegedly hacking the computer systems of an East Bay-based water treatment facility in 2021.
According to the US attorney’s office, Gallo launched a cyberattack on the Discovery Bay Water Treatment Facility to delete critical software. He is now facing federal criminal charges.
The indictment was filed on June 27, 2023, and sealed today, revealing shocking details of the attack on the facility. According to the indictment, Gallo worked as a full-time employee at a private firm in Massachusetts, referred to as Company A. This company had a contract with the Discovery Bay facility, which entitled it to oversee the town’s wastewater treatment service.
According to the DoJ’s press release, while employed at Company A (between July 2016 and December 2020), Gallo served as its instrumentation and control technician. His responsibilities included maintaining instrumentation and computer systems that controlled the electromechanical processes of the facility, which served the 15,000 residents of the town.
Gallo is accused of installing software on his personal computer and Company A’s private internal network to obtain remote access to Discovery Bay’s computer network while performing his duties.
In January 2021, he resigned from Company A, and in the same month, he remotely accessed the water treatment facility’s computers and sent a command to uninstall software. This software was critical to operating the facility’s computer network and protecting its water treatment systems, including water filtration, water pressure, and chemical levels maintenance.
The jury has charged Gallo with one count of transmitting a program, information, code, and command to cause damage to a protected computer. If convicted, the accused faces up to 10 years in prison and a fine of $250,000.
Additionally, he may face supervised release at the end of his prison term, as well as assessments and restitution if necessary. However, it is worth noting that the charges in an indictment are mere allegations, and the suspect will be treated as innocent until proven guilty.
Water treatment facilities often become easy targets for cyberattacks, and mainly former employees are involved. The most famous incident involved a water plant in Oldsmar, Florida, initially dubbed a cyberattack, but further investigation revealed that human error caused the issue.
In April 2021, 22-year-old Wyatt Travnichek from Ellsworth County, Kansas, was indicted by the US Department of Justice (DoJ) for hacking and tampering with a public water facility.
RELATED ARTICLES
- 100s of Russian Building Controllers Can be Remotely Hacked
- CISA – Ransomware targeted SCADA systems of 3 US water facilities
- Chinese hackers attack National Data Center with watering hole attack