Federal prosecutors have indicted a Kansas man for allegedly logging right into a computer system at a public water system and tampering with the method for cleansing and disinfecting clients’ ingesting water.
An indictment filed in US District Court for the District of Kansas mentioned Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, was an worker from January 2018 to January 2019 at the Ellsworth County Rural Water District No. 1. Also referred to as the Post Rock Water District, the power serves greater than 1,500 retail clients and 10 wholesale clients in eight Kansas counties. Part of Wyatt’s tasks included remotely logging into the water district’s computer system to watch the plant after-hours.
Logging in with dangerous intent
In late March 2019, Wednesday’s indictment mentioned, Post Rock skilled a distant intrusion to its computer system that resulted within the shutdown of the power’s processes for making certain water is secure to drink.
“On or about March 27, 2019, in the District of Kansas, the defendant, Wyatt Travnichek, knowingly tampered with a public drinking water system, namely the Ellsworth County Rural Water District No. 1,” prosecutors alleged. “To wit: he logged in remotely to Post Rock Rural Water District’s computer system and performed activities that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1.”
The allegations come seven weeks after authorities in Oldsmar, Florida, mentioned somebody broke into the computer system of a municipal water remedy plant and tried to poison drinking water for the municipality’s roughly 15,000 residents.
The intruder modified the extent of sodium hydroxide within the water to 11,100 elements per million, a major improve from the conventional quantity of 100 ppm. Better referred to as lye, sodium hydroxide is utilized in small quantities to deal with the acidity of water and to take away metals. At increased ranges, the corrosive is poisonous.
An operator at the water facility shortly found the change and reversed it. Had the change not been detected, it could have raised the extent of lye to poisonous ranges. Even then, the authorities mentioned the power had a number of measures in place to stop the contaminated water from being made obtainable to residents. Nonetheless, the incident underscored the potential for such intrusions to have deadly penalties.
An advisory from officers in Massachusetts later mentioned that the Oldsmar facility used an unsupported model of Windows with no firewall and shared the same TeamViewer password amongst its staff. The staff used the distant software program to entry plant controls referred to as a SCADA—brief for “supervisory control and data acquisition”—system.
Wednesday’s indictment didn’t say how Wyatt allegedly gained entry to the Post Rock facility. His prior place as a facility worker who remotely logged into the water district’s computer system regularly leaves open the chance that water officers there additionally did not safe credentials by not closing Wyatt’s distant entry account after he left. No one at the power was obtainable to take questions for this publish.
The indictment expenses Wyatt with one depend of tampering with a public water system and one depend of reckless injury to a protected computer throughout unauthorized entry. If convicted, he faces a most sentence of 25 years in jail and $500,000 in fines. Attempts to succeed in Wyatt for remark weren’t profitable.