A Kansas Metropolis man has been indicted for allegedly hacking into pc networks and utilizing this entry to advertise his cybersecurity providers.
In response to the Division of Justice, Nicholas Michael Kloster, 31, of Kansas Metropolis, Missouri, breached two pc networks, a well being membership enterprise and a nonprofit group.
In response to the indictment unsealed on Friday, Kloster had been concerned in at the very least three incidents investigated by the FBI towards an equal variety of organizations not named within the doc.
The primary incident occurred on April 26, 2024, round midnight, when Kloster breached the premises of a well being membership that operates a number of gyms within the state and gained entry to its techniques.
Subsequent, he despatched an e mail to one of many gymnasium’s house owners claiming he had hacked their computer systems and promoted his providers in the identical message, apparently looking for to get employed by the corporate for safety consulting providers.
“I managed to circumvent the login for the security cameras by using their visible IP addresses. I also gained access to the GoogleFiber Router settings, which allowed me to use [redacted] to explore user accounts associated with the domain,” reads the e-mail shared within the indictment.
“If I can reach the files on a user’s computer, it indicates potential for deeper system access.”
Along with the contracting proposal to the gymnasium proprietor, the U.S. Division of Justice says Kloster diminished his month-to-month gymnasium membership price to simply $1, deleted his {photograph} from the gymnasium’s database, and stole a workers member’s title tag.
Weeks later, the suspect posted a screenshot on social media exhibiting the gymnasium’s safety digital camera system beneath his management.
Later, on Might 20, the indictment says Kloster bodily breached a nonprofit group and accessed a restricted space the place he used a boot disk to bypass authentication necessities and achieve entry to delicate data.
Kloster allegedly put in a digital personal community (VPN) on the nonprofit’s pc and adjusted account passwords.
The DOJ says his actions precipitated an estimated information of $5,000 to the nonprofit, which needed to remediate the intrusion and safe their techniques following Kloster’s intrusion.
Lastly, Kloster is accused of utilizing stolen bank card data from his former employer, a 3rd firm, to buy ‘hacking thumb drives’ designed to use susceptible techniques.
If confirmed responsible, Kloster might face sentences of as much as 15 years in jail (5 years for unauthorized entry + 10 years for reckless injury), fines, and restitution to the victims for monetary losses.
