Sabotage of a water treatment facility: a former employee endangered the health of thousands of people
12.07.2023

We often report on incidents involving former employees. This time it is an incident that could have had serious consequences not only for the company itself but also for a large number of people.

A former employee of Discovery Bay Water Treatment Facility in California has been apprehended and charged for launching a cyberattack on a water treatment plant.

Rambler Gallo, 53, worked as an "instrumentation and control tech" for a private Massachusetts company contracted to operate the water treatment facility in Discovery Bay from July 2016.

The attack targeted the plant's computer systems, which are responsible for managing and controlling the facility's operations. According to the indictment, Gallo allegedly installed remote control software on both his employer's systems and his personal computer. This software granted him the ability to monitor instrumentation readings and manipulate the mechanical processes at the facility. The motive behind Gallo's actions, which endangered the health and safety of approximately 15,000 residents of Discovery Bay, remains unclear.

The U.S. Department of Justice's press release states that Gallo sent remote commands to the water treatment facility's computers, deliberately uninstalling critical software tools responsible for monitoring water pressure, filtration, and chemical levels.

“If convicted, Gallo faces a statutory maximum penalty of 10 years in prison and a fine of $250,000. As part of any sentence, the court may also order an additional term of supervised release, additional assessments and restitution, if appropriate.” it said.

Unfortunately, incidents like this are fairly common.  Here are a few more incidents  involving former employees: The Ubiquiti incident, The Credit Union incident.

This incident serves as a wake-up call for organizations to prioritize cybersecurity and implement robust measures to safeguard critical infrastructure. In particular, it is important to keep track of who has access to critical information in the organisation. Our FileAuditor solution can help you prevent unwanted accesses, obtain total visibility, keep track of any operation on sensitive data and much more.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.