Hacker Admits Guilt in Breaching Networks to Sell Security Services
▼ Summary
– A Kansas City man, Nicholas Michael Kloster, pleaded guilty to hacking organizations to advertise his cybersecurity services, as announced by the U.S. Department of Justice.
– Kloster hacked a Missouri health club’s network, accessed security cameras and user accounts, then emailed the owner offering his services while altering his membership details.
– He posted a screenshot on social media showing control over the gym’s security camera system, further demonstrating his unauthorized access.
– Kloster also breached a nonprofit’s systems, used a boot disk to steal sensitive data, installed a VPN, and changed user account passwords.
– He faces up to five years in prison, a $250,000 fine, and restitution for hacking offenses, including using stolen credit cards from a former employer to buy hacking tools.
A Kansas City cybersecurity consultant has admitted to hacking businesses and nonprofits to drum up clients for his services, according to federal prosecutors. The unusual case highlights how some individuals exploit security vulnerabilities not just for financial gain, but to market their own protection services.
Nicholas Michael Kloster, 32, entered a guilty plea this week after being charged with illegally accessing computer networks belonging to multiple organizations last year. Among his targets were a regional gym chain and a Missouri-based nonprofit. Court filings reveal that after breaking into these systems, Kloster directly contacted the victims, offering to fix the very security flaws he had exploited.
One particularly brazen incident involved a health club with locations across Missouri. Kloster infiltrated their network, gaining control over security cameras and router settings. He then emailed the gym’s owner, detailing the breach while pitching his cybersecurity expertise. “If I can access files on a user’s computer, your entire system could be at risk,” he wrote, positioning himself as the solution to the problem he had created.
The hacker didn’t stop there. After compromising the gym’s database, he altered his own membership details, slashing his monthly dues to just $1. He also removed his photo from the system and even took a staff name tag. Later, he flaunted his access by posting screenshots of the gym’s surveillance system on social media.
Kloster’s scheme extended to a nonprofit organization, where he allegedly bypassed authentication protocols using a boot disk. Once inside, he installed a VPN and reset passwords for multiple accounts, further entrenching his unauthorized access. Prosecutors described the nonprofit’s systems as “protected computers” under federal law due to their role in interstate communications.
The case took another turn when investigators uncovered fraudulent credit card purchases tied to Kloster. Authorities say he used stolen company cards from a former employer, who had fired him months earlier, to buy specialized hacking tools. These devices, often called “hacking thumb drives,” are designed to exploit system weaknesses.
Now awaiting sentencing, Kloster could spend up to five years in federal prison without parole. Additional penalties include a potential $250,000 fine, three years of supervised release, and mandatory restitution payments. The case serves as a stark reminder that cybersecurity threats don’t always come from anonymous hackers, sometimes, they arrive with a sales pitch.
(Source: BLEEPINGCOMPUTER)
