Kansas City hacker used computer intrusion to pitch his own security services: prosecutors
A 31-year-old Kansas City man charged with hacking into computer systems at an area nonprofit and a health club allegedly used his efforts to pitch his security services to the health club owner, federal prosecutors said.
Employees also noticed the man’s gym membership fee had been changed to $1.
A grand jury in U.S. District Court for the Western District of Missouri in Kansas City returned an indictment against Nicholas Michael Kloster. He was arrested Friday, according to court records.
Kloster was charged with one count of accessing a protected computer without authorization and obtaining information, and one count of reckless damage to a protected computer during unauthorized access.
After going to an unnamed health club location in April, Kloster allegedly emailed one of the business’s owners the following day saying, “I managed to circumvent the login for the security cameras by using their visible IP addresses… I also gained access to the GoogleFiber Router settings, which allowed me to use [redacted] to explore user accounts associated with the domain… If I can reach the files on a user’s computer, it indicates potential for deeper system access.”
He said he’d helped other businesses in the Kansas City metro and passed along a resume, prosecutors said.
Staff found his monthly gym fee had been reduced to $1 and his photo had been erased from the gym’s network. Employees also determined he had stolen a staff nametag.
A few weeks after the intrusion, Kloster allegedly posted an image on social media that appeared to show him with control of security cameras at the company using his computer, prosecutors said. Text on the screen reportedly said, “how to get a company to use your security service.”
Kloster also allegedly went to the location of an unnamed nonprofit based in Kansas City in May, accessed a computer there, changed the password assigned to one or more users of the machine and installed a virtual private network on the computer, prosecutors alleged.
Officials said the group suffered losses of more than $5,000 trying to fix the issues the intrusion caused.
Kloster was hired by a Kansas City company in March and was fired a few weeks later after he allegedly used a company credit card to make personal purchases, including a thumb drive touted as a means for hacking into computers, according to court documents.
In an email to The Star, Kloster said the purchases were made for company purposes, and that he turned the items in to the company’s CEO after concerns were raised about them.
He also said his background includes 8 years in the Army, studies through the Department of Defense’s Cyber Crime Center and volunteer work deploying to disaster areas.
“Throughout my career, I’ve actively reported multiple critical infrastructure vulnerabilities to both the FBI and [the Cybersecurity and Infrastructure Security Agency], demonstrating my ongoing commitment to national security,” he said.
This story was originally published November 22, 2024 at 5:20 PM.
