Former employee charged for attacking water treatment plant

A former employee of Discovery Bay Water Treatment Facility in California was indicted by a federal grand jury for intentionally attempting to cause malfunction to the facility’s safety and protection systems.

Rambler Gallo, 53, was a full-time employee of a private Massachusetts company under contract with Discovery Bay to operate the town’s water treatment facility. He held an “instrumentation and control tech” role between July 2016 and December 2020.

The indictment alleges that Gallo had installed remote control software on his employer’s systems and also his personal computer, which enabled him to monitor instrumentation readings and control the electromechanical processes of the facility.

In January 2021, Gallo resigned from his employer and used his personal computer to remotely access the facility’s network, deliberately attempting to cause harm.

A press release from the U.S. Department of Justice says that Gallo sent remote commands to the water treatment facility’s computers to uninstall critical software tools responsible for monitoring water pressure, filtration, and chemical levels in the water.

It is unclear why Gallo acted in a way that endangered the health and safety of the 15,000 residents of the town of Discovery Bay served by the water treatment plant.

“The indictment charges Gallo with one count of transmitting a program, information, code, and command to cause damage to a protected computer, in violation of 18 U.S.C. §§ 1030(a)(5)(A) and (c)(4)(B)(i). If convicted, Gallo faces a maximum statutory penalty of 10 years in prison and a fine of $250,000.” U.S. Department of Justice

The case of R. Gallo underlines the risks associated with improper management of access to critical infrastructure systems, especially in the case of public utilities with an impact on entire communities.

Poor cybersecurity practices can lead to significant damage from disgruntled employees with extensive access privileges or from hackers.

One example is the 2021 attack on the water treatment system for the city of Oldsmar, in Florida, where threat actors attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.

In the aftermath of this incident, which served as a wake-up call to the associated risks, the U.S. Water and Wastewater Systems (W.W.S.) revealed that ransomware gangs are regularly targeting public facilities nationwide to interrupt operations and make a profit from it.
