A Kansas Metropolis man has been indicted for allegedly hacking into pc networks and utilizing this entry to advertise his cybersecurity companies.
In response to the Division of Justice, Nicholas Michael Kloster, 31, of Kansas Metropolis, Missouri, breached two pc networks, a well being membership enterprise and a nonprofit group.
In response to the indictment unsealed on Friday, Kloster had been concerned in not less than three incidents investigated by the FBI towards an equal variety of organizations not named within the doc.
The primary incident occurred on April 26, 2024, round midnight, when Kloster breached the premises of a well being membership that operates a number of gyms within the state and gained entry to its techniques.
Subsequent, he despatched an electronic mail to one of many fitness center’s homeowners claiming he had hacked their computer systems and promoted his companies in the identical message, apparently in search of to get employed by the corporate for safety consulting companies.
“I managed to bypass the login for the safety cameras by utilizing their seen IP addresses. I additionally gained entry to the GoogleFiber Router settings, which allowed me to make use of [redacted] to discover consumer accounts related to the area,” reads the e-mail shared within the indictment.
“If I can attain the recordsdata on a consumer’s pc, it signifies potential for deeper system entry.”
Along with the contracting proposal to the fitness center proprietor, the U.S. Division of Justice says Kloster decreased his month-to-month fitness center membership charge to only $1, deleted his {photograph} from the fitness center’s database, and stole a workers member’s identify tag.
Weeks later, the suspect posted a screenshot on social media displaying the fitness center’s safety digital camera system below his management.
Later, on Could 20, the indictment says Kloster bodily breached a nonprofit group and accessed a restricted space the place he used a boot disk to bypass authentication necessities and achieve entry to delicate info.
Kloster allegedly put in a digital non-public community (VPN) on the nonprofit’s pc and adjusted account passwords.
The DOJ says his actions prompted an estimated knowledge of $5,000 to the nonprofit, which needed to remediate the intrusion and safe their techniques following Kloster’s intrusion.
Lastly, Kloster is accused of utilizing stolen bank card info from his former employer, a 3rd firm, to buy ‘hacking thumb drives’ designed to take advantage of susceptible techniques.
If confirmed responsible, Kloster may face sentences of as much as 15 years in jail (5 years for unauthorized entry + 10 years for reckless harm), fines, and restitution to the victims for monetary losses.