Man charged for hacking Kansas water utility with intent to harm public
Catalin Cimpanu March 31, 2021

Man charged for hacking Kansas water utility with intent to harm public

Man charged for hacking Kansas water utility with intent to harm public

The US Department of Justice has indicted today a Kansas man on charges of hacking into the computer system of a local water utility and trying to sabotage water processing operations with the intent to harm the local public.

According to court documents, the incident took place on March 27, 2019, and involved Wyatt Travnichek, 22, of Ellsworth County, Kansas.

DOJ officials claim that Travnichek hacked into the computer network of the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District, where he “performed activities that shut down the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming the Ellsworth Rural Water District No. 1.”

The court documents don’t say if Travnichek’s attack was successful or how it was detected; however, officials said that the suspect worked for the water district for a year, from January 2018 to January 2019, when he resigned.

“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas.

“EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”

Suspect faces up to 25 years in prison

If found guilty, Travnichek risks up to five years in prison and a fine of up to $250,000 for computer hacking charges, and up to 20 years in prison and a fine of up to $250,000 for tampering with a public water system.

Travnichek’s indictment comes almost two months after a similar incident was reported in Oldsmar, Florida, a city in Tampa’s metropolitan area.

Days before the Super Bowl LV game was set to be played in Tampa, a yet-to-be-identified hacker similarly broke into the Oldsmar water treatment plant’s computer network via its TeamViewer remote management software and attempted to poison the water by adding extra sodium hydroxide (lye) into the water treatment process.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.