Hacker Pleads Guilty to Breaching Company Networks to Pitch His Own Services
A shocking turn of events has come to light in the case of Nicholas Michael Kloster, a 32-year-old Kansas City resident who has pleaded guilty to breaching multiple organizations' networks in an attempt to promote his own cybersecurity services. Kloster's cybercrime spree, which began in 2024, targeted three distinct entities, including a health club and a Missouri nonprofit organization.
Kloster's modus operandi involved emailing business owners claiming responsibility for the attacks on their systems, only to offer consulting services to prevent future cyberattacks. In one particularly brazen incident, Kloster accessed a gym's systems by breaching a restricted area, manipulating the system to remove his own photo from the member database, and reducing his monthly membership fee to $1.
In another separate incident, Kloster used a boot disk to bypass authentication into a nonprofit's systems, stealing sensitive data, installing a VPN, and changing user passwords. The consequences of this breach were severe, with the company suffering significant losses in an attempt to remediate the effects from the intrusion, according to a press release from the US Attorney's Office of Western District of Missouri.
Furthermore, Kloster's actions went as far as stealing credit card data from his former employer, using it to purchase hacking tools, including a thumb drive advertised as a tool for hacking into vulnerable computers. This heinous act followed Kloster being fired from the company in April 2024.
The Attorney's Office has stated that Kloster's actions deserve him up to five years' imprisonment in federal prison without parole, a fine of up to $250,000, up to three years of supervised release, and an order of restitution. A jury will decide the exact consequences he will face, but the involvement of the FBI suggests that Kloster could face serious punishments.
In this case, it is clear that Kloster's actions were driven by a desire for financial gain, rather than any genuine interest in improving cybersecurity. His attempts to promote his own services through illicit means have resulted in significant losses for the organizations he targeted and severe consequences for himself.