Here’s your reminder for today of the insider threat:
OAKLAND – A federal grand jury has indicted Rambler Gallo, charging him with intentionally causing damage to a protected computer after he allegedly accessed the computer network for the Discovery Bay Water Treatment Facility, located in the Town of Discovery Bay, Calif., and intentionally uninstalled the main operational and monitoring system for the water treatment plant and then turned off the servers running those systems, announced United States Attorney Ismail J. Ramsey and Federal Bureau of Investigation Special Agent in Charge Robert K. Tripp.
According to the indictment, filed June 27, 2023, and unsealed earlier today, prior to the attack on the Discovery Bay Water Treatment facility, Gallo, 53, of Tracy, Calif., was a full-time employee of a private Massachusetts-based company identified in the indictment as Company A. Company A contracted with Discovery Bay to operate the town’s wastewater treatment facility; the facility provides treatment for the water and wastewater systems for the town’s 15,000 residents. During his employment with Company A, from July of 2016 until December of 2020, Gallo was the company’s “Instrumentation and Control Tech,” with responsibility for maintaining the instrumentation and the computer systems used to control the electromechanical processes of the facility in Discovery Bay.
The indictment alleges that while Gallo was employed with Company A, he installed software on his own personal computer and on Company A’s private internal network that allowed him to gain remote access to Discovery Bay’s Water Treatment facility computer network. Then, in January of 2021, after Gallo had resigned from Company A, he allegedly accessed the facility’s computer system remotely and transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels.
The indictment charges Gallo with one count of transmitting a program, information, code, and command to cause damage to a protected computer, in violation of 18 U.S.C. §§ 1030(a)(5)(A) and (c)(4)(B)(i). If convicted, Gallo faces a maximum statutory penalty of 10 years in prison and a fine of $250,000. In addition, as part of any sentence, the court may order an additional term of supervised release, additional assessments, and restitution, if appropriate. However, any sentence following conviction would be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing imposition of a sentence, 18 U.S.C. § 3553.
The charges contained in an indictment are mere allegations. As in any criminal case, the defendant is presumed innocent unless and until proven guilty in a court of law.
Gallo made his initial federal court appearance this morning before U.S. Magistrate Judge Kandis A. Westmore. Gallo’s next appearance is scheduled for July 20, 2023 before Judge Westmore for further hearing on release conditions.
Assistant United States Attorney Cynthia Frey is prosecuting this case with assistance from Kathy Tat and Kevin Costello. The case is being investigated by the FBI.
Further Information:
Case #: CR 4:23-cr-00195 HSG
Source: U.S.A.O, Northern District of California