Kansas Man Faces Federal Charges Over Water Treatment Hack


DOJ: Wyatt Travnichek allegedly accessed the cleaning and disinfection system

Prajeet Nair (@prajeetspeaks) • April 2, 2021

This is the website of the Ellsworth County Rural Water District in Kansas. According to the Justice Department, the facility was attacked in 2019.

A Kansas man has been charged with allegedly accessing the network of a local water treatment plant and tampering with the systems that control the cleaning and disinfection processes for local water sources, according to the U.S. Department of Justice.


Wyatt Travnichek, 22, of Ellsworth County, Kansas, was charged with a count of tampering with a public water system and a count of reckless damage to a protected computer during unauthorized access, according to the Kansas District Attorney’s Office, which is overseeing the case. Travnichek is a former employee of the facility.

Travnichek was issued a summons after federal prosecutors unsealed the charges this week, and he is due to make his first court appearance on April 22, according to records in the case.

The more serious of the two charges, tampering with a public water system, carries a possible 20-year prison term and a $250,000 fine, the Justice Department notes. The charge of tampering with a protected computer is punishable by up to five years in prison.

According to the indictment, in March 2019 Travnichek allegedly remotely accessed the network of the Ellsworth County Rural Water District in Kansas and attempted to disrupt the facility’s system that controls the cleaning and disinfection processes for the area’s water supply.

“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, the special agent for the Kansas Environmental Protection Agency who helped investigate the case.

Travnichek’s indictment follows a similar incident in February in Florida in which an unknown attacker or attackers obtained remote access to the Oldsmar city water treatment plant network and attempted to increase the amount of caustic in the water system. The attack was foiled (see: Hacker breached Florida City’s water treatment system).

A lawyer for Travnichek could not be reached immediately for comment on Friday.

Attempted attack

Neither the Justice Department nor the indictment provides much detail on the 2019 incident that led to the charges against Travnichek.

The indictment states that the Ellsworth County Rural Water District, also known as the Post Rock Rural Water District, serves approximately 1,500 retail customers and 10 wholesale customers in eight counties of Kansas.

In addition to supplying water, the facility is responsible for cleaning and disinfecting its customers’ drinking water, according to the indictment.

Travnichek worked at the facility between January 2018 and January 2019. His duties included logging into the Post Rock computer system remotely to monitor the facility after hours, the indictment said.

On March 27, 2019, Post Rock reported what federal prosecutors described as an “unauthorized remote entry, resulting in the shutdown of the facility’s processes.” During this time, according to the Justice Department, Travnichek allegedly accessed the facility’s cleaning and disinfection system and attempted to shut down those processes.

The federal prosecutor’s office did not specify which remote access tool or tools Travnichek allegedly used to gain access to the network, or whether his old credentials were sufficient to allow him access to the systems.

Mike Hamilton, former vice chairman of the Department of Homeland Security’s State, Local, Tribal and Territorial Government Coordinating Council, says the information released so far about the case does not indicate whether the suspect was a skilled attacker intent on causing harm or a former employee trying to create a problem for his previous employer.

“I would point out that we don’t have all the facts, and it’s also possible that this could have been a crime of opportunity, much like the Oldsmar [Florida] water incident is believed to be,” says Hamilton, now CISO of CI Security. “The fact that Travnichek ‘allegedly shut down certain processes’ does not suggest knowledge of the implications of the actions and does not indicate premeditation. Either it’s a domestic terrorist who had a problem with the government or a somewhat seasoned opportunist who got access and made random changes.”

Florida incident

In the Florida case, which is still under investigation, local law enforcement officials believe the attacker or attackers used TeamViewer to gain remote access to the facility’s network. Remote access and desktop sharing tools like TeamViewer have previously been exploited through social engineering attacks and phishing campaigns that stole user credentials, according to the U.S. Cybersecurity and Infrastructure Security Agency, which oversees the country’s critical infrastructure, including water treatment plants (see: 5 critical questions raised by Hack the water treatment plant).

It remains unclear whether TeamViewer was used by the IT or security teams at the Florida plant, or whether an administrator or employee installed the software without authorization.

The initial investigation also found that the computers at the Florida plant were reportedly networked to the supervisory control and data acquisition system (also known as SCADA) and were running outdated 32-bit versions of Windows 7 (see: Florida Water Hack City: Bad IT security exposed).

After the attack, CISA warned operators of other facilities to look out for hackers exploiting remote access software and outdated operating systems – and to take steps to mitigate the risk.

Executive Editor Scott Ferguson contributed to this report.
