Kansas City Man Accused of Exploiting Networks
Nicholas Michael Kloster, a 31-year-old Kansas City resident, has been indicted by the U.S. Department of Justice (DOJ) for allegedly hacking into multiple computer networks to promote his Cybersecurity Consultant services. According to the indictment unsealed last Friday, Kloster breached the systems of a health club business and a nonprofit organization, among other unnamed entities. The FBI has reportedly linked him to at least three hacking incidents targeting different organizations. The DOJ claims Kloster leveraged unauthorized access to networks in an attempt to market his expertise as a cybersecurity consultant, while also causing significant disruption and financial loss to the affected parties.
Health Club Breach and Self-Promotion
The first incident, outlined in the indictment, occurred on April 26, 2024, when Kloster allegedly broke into a health club operating multiple gyms across Missouri. Once inside, he reportedly gained access to the gym’s computer systems by bypassing security camera logins via visible IP addresses and manipulating router settings. Kloster later emailed one of the gym’s owners, boasting about his unauthorized access and offering his services as a security consultant. “If I can reach the files on a user’s computer, it indicates potential for deeper system access,” he allegedly wrote in the email.
In addition to pitching his services, Kloster is accused of tampering with the gym’s membership system to lower his monthly fee to $1, deleting his photograph from the database, and stealing a staff member’s name tag. Weeks later, he reportedly escalated the breach by posting a screenshot of the gym’s security camera system on social media.
Nonprofit Intrusion and Further Allegations
The second incident occurred on May 20, 2024, when Kloster allegedly infiltrated a nonprofit organization. According to the indictment, he accessed a restricted area, used a boot disk to bypass authentication protocols, and installed a virtual private network (VPN) on one of the nonprofit’s computers. He is also accused of changing account passwords, forcing the organization to invest significant resources in remediation and security enhancements. The DOJ estimates Kloster’s actions caused over $5,000 in damages to the nonprofit.
In addition to these breaches, Kloster is accused of using stolen credit card information from a former employer to purchase hacking tools designed to exploit vulnerable systems. If convicted, Kloster could face up to 15 years in prison—five years for unauthorized access and an additional 10 years for reckless damage—alongside fines and restitution for financial losses incurred by the victims. The case highlights by Cybersecurity Consultant growing concerns about cybersecurity threats and the misuse of technical expertise for illicit purposes.
