A man from Kansas City could be smoked after he was indicted on criminal hacking charges.
Federal prosecutors allege that 31-year-old Nicholas Michael Kloster victimized three local companies in a series of revenge and personal financial gain attacks. He faces one count each of accessing a protected computer without authorization and causing reckless damage during unauthorized access.
How to lose jobs and extort people
According to the feds, Kloster used various nefarious means to access each of the three companies’ systems. The victims range from a gym to a local nonprofit to Kloster’s former employer.
According to the indictment, Kloster fancied himself as something of a gray hat hacker, using illegal means as a way to further his career as a legitimate IT security consultant or provider.
In the case of the gym, it is alleged that Kloster, who was a member at the time, was able to sneak over to a local machine and grant himself credentials for the company network. From there, he is said to have accessed its internal management tools and changed his own membership fee to $1.
This was not an attempt to save a few bucks, but prosecutors say it was an effort to impress the company. After changing his fees, Kloster contacted the company with a notification of his activity and included a copy of his resume and a sales pitch. He would later reference the incident on social media.
It’s fair to say this did not result in the intended career advancement.
Another victim was, in fact, Kloster’s former employer. The indictment alleges that while employed with the organization he used a company credit card to make a number of unauthorized purchases.
One of those purchases was described as a thumb drive equipped with various hacking tools. While the prosecutors did not specify what the tool or the hacking software on it was, there are a number of such commercial hacking suites and bundles which are intended for legal uses, such as pentesting and vulnerability scanning.
In the third incident mentioned in the indictment, Kloster is accused of targeting a non-profit organization by first entering an area closed off to the public and then installing remote access malware on one of its computers.
From there, it is alleged that he created his own administrator accounts and proceeded to change user passwords and grant himself VPN access to the organization’s network. In the aftermath of the attack, prosecutors say that the organization has had to spend more than $5,000 in incident resolution and security services.
Kloster has been arrested, though no court date for trial was given.
