According to a recent report, federal prosecutors have indicted a Kansas man for allegedly accessing the computer system of the public water system and altering the process for cleaning customers’ drinking water. The man, a former employee of the treatment plant, allegedly shut down processes that would impact the cleaning and disinfecting procedures of the plant.
Ars Technica reports that an indictment filed in U.S. District Court for the District of Kansas stated that Wyatt A. Travnichek, 22, of Ellsworth County, Kansas was employed between January 2018 and January 2019 at the Ellsworth County Rural Water District No. 1 and allegedly tampered with a public water system.
Prosecutors allege: “On or about March 27, 2019, in the District of Kansas, the defendant, Wyatt Travnichek, knowingly tampered with a public drinking water system, namely the Ellsworth County Rural Water District No. 1. To wit: he logged in remotely to Post Rock Rural Water District’s computer system and performed activities that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1.”
The allegations come seven weeks after it was discovered that a different water treatment plant computer system had been accessed and someone had attempted to poison drinking water.
It was reported at the time that the hacker gained access to a program intended to allow water treatment operators in Oldsmar to troubleshoot problems with the treatment systems. The program gives authorized users full remote access to the plant.
The water treatment plant itself reportedly left common remote control software on critical system computers and never even bothered to change the password.
According to an official cybersecurity advisory about the incident from the state of Massachusetts, the SCADA control system was accessed by the commercial remote desktop application TeamViewer, which is regularly used by IT professionals to remotely troubleshoot computer issues.
The report also states: “Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”
The hacker changed the level of sodium hydroxide in the water to 11,100 parts per million, a huge increase from the normal amount of 100 ppm. Sodium hydroxide is better known as lye and is used in small amounts to treat the acidity of water and remove metals, at higher levels it is extremely toxic.
Read more at Ars Technica here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org