Late yesterday afternoon the United States Attorney, in the District of Kansas formally announced the Indictment of WYATT TRAVNICHEK for the March 27, 2019 hack of Ellsworth County Rural Water District
As noted in the Department of Justice’s OPA-Release - which reads in part:
“Our office is committed to maintaining and improving its partnership with the state of Kansas in the administration and implementation of the Safe Drinking Water Act of 1974…Drinking water that is considered safe is essential to the protection of the public’s health.” -Acting U.S. Attorney Duston Slinkard.
The DOJ-OPA further stated:
“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community…EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.” -Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas
I suppose you’d like to read the indictment? - this is when access to the terminal comes in handy because good luck trying to find this indictment
For the record this is when reading/accessing the original source documents helps to fully understand the totality of TRAVNICHEK‘s unlawful actions and potential devastating consequences - especially as it relates to the “insider threat”
Post Rock is located in Ellsworth County, Kansas. It’s core mission is a public water system, which served over 1,500 retail customers1 and 10 wholesale customers spanning eight (mainly rural) Kansas counties.
What the DOJ-OPA neglects to tell you is TRAVNICHEK was a former employee of Post Rock, but more importantly that he resigned in January 2019. Part of his responsibilities as an employee of Post Rock - hence my invocation of “insider threat” - I know refer you to page 2 -paragraph 7 of the indictment;
“…defendant was periodically tasked with remotely logging into the Post Rock computer system to monitor the plant after hours…”
Count One of the Indictment
Charges TRAVNICHEK with violating 40 U.S.C. §300i-1(a) - Tampering with public water systems - Tampering with a Public Water System punishable: Up to 20 years in federal prison and a fine up to $250,000.
“….he logged in remotely to Post Rock Rural Water District’s computer system and performed activities that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1…”
Count two of the indictment
Charges TRAVNICHEK with violating 18 U.S.C. § 1030(a)(5)(B), 1030(c)(4)(A), and 2 - Reckless Damage to a Protected Computer During Unauthorized Access punishable: Up to 5 years in federal prison and a fine up to $250,000.
“…intentionally accessed a protected computer without authorization, and as a result of such conduct, recklessly caused damage to Ellsworth County Rural Water District No. 1, also known as Post Rock Rural Water District, that is shutting down the Post Rock facilities, and the offense caused or would, if completed, have caused: (a) a threat to public health and safety; and (b) loss to a person during a one-year period from the defendant’s course of conduct affecting a protected computer aggregating at least $5,000 in value”
I suppose the next logical questions would be:
…is this really considered a “hack” versus an insider threat who used their previous log-in credentials to (albeit) unlawfully access the computers?
…as Post Rock updated their cyber-security plan?
…what is the reasoning for not immediately revoking TRAVNICHEK’s network access credentials?
Here I uploaded the indictment to my public drive - now if you’ll excuse me I must return to my very busy job of shoving bonbons into my calorie hole. Incidentally I think my industry will now fully embrace remote depositions because ironically they are huge time savers and are have reduced time and travel cost. So yes thanks COVID-19 …it’s been over one year since I’ve actually worked (on-site) at my employers multiple DMV (DC MD VA) offices. -Filey
ps I lurves the schedule publication of Substack - it helps with my time management and I can set times during my otherwise busy schedule of bean flicking and bonbon consumption //snort
I knew it!! I told my hubs it had to be someone that knew their way around the system to begin with! I worked for UPS, I worked from home due to an injury. Within 30 mins of my ltd approval, they had my badge deactivated, and all of my user accesses revoked... wth is wrong with them...
He needs to get the maximum time. Full stop. No exceptions. An example must be made.
I knew it!! I told my hubs it had to be someone that knew their way around the system to begin with! I worked for UPS, I worked from home due to an injury. Within 30 mins of my ltd approval, they had my badge deactivated, and all of my user accesses revoked... wth is wrong with them...