Dec 01, 2024

KC man accused of hacking computers of health club business

Posted Dec 01, 2024 11:00 PM

KANSAS CITY– A Kansas City man has been indicted by a federal grand jury for hacking into the computer systems at an area nonprofit and a health club business, according to the United State's Attorney.

Nicholas Michael Kloster, 31, was charged in a two-count indictment returned under seal by a federal grand jury in Kansas City. That indictment was unsealed and made public following Kloster’s arrest and initial court appearance.

The federal indictment charges Kloster with one count of accessing a protected computer without authorization and obtaining information.

Kloster allegedly entered the premises of a business, identified in court documents as Company Victim 2, which operates multiple health clubs in Kansas and Missouri, shortly before midnight on April 26, 2024. The following day, Kloster sent an email to one of the owners of Company Victim 2, claiming that he had gained access to the computer system. Kloster also claimed to have “assisted over 30 small to medium-sized industrial businesses in the Kansas City, Missouri area” and attached a copy of his resume.

Following Kloster’s intrusion, the indictment says, employees with Company Victim 2 noted that Kloster’s monthly gym membership fee was reduced to $1, that his photograph was erased from the gym’s network, and determined that Kloster stole a gym staff nametag. A few weeks later, Kloster posted an image to a social media profile which appeared to be a screen capture of his desktop showing control of the security cameras for Company Victim 2, with a chatbox window with the message “how to get a company to use your security service.”

The federal indictment also charges Kloster with one count of causing reckless damage to a protected computer during unauthorized access.

Kloster allegedly entered the premises of a nonprofit corporation, identified in court documents as Company Victim 3, on May 20, 2024. Kloster entered an area that is not available to the public and accessed a computer with access to the company’s network. Kloster utilized a boot disk, the indictment says, which enabled him to access Company Victim 3’s computer through multiple user accounts. By accessing Company Victim 3’s computer in such a manner, the indictment says, the use of this boot disk enabled Kloster to circumvent the password requirements on Company Victim 3’s computer and change the password assigned to one or more of the users of Company Victim 3’s computer. Kloster was able to install a virtual private network on this computer. Since Kloster’s intrusion into its computer and its network, Company Victim 3 has sustained losses in excess of $5,000 in an attempt to remediate the effects from this intrusion.

In addition to these two victims, the indictment refers to a third victim, identified in court documents as Company Victim 1. According to the indictment, Kloster was employed by Company Victim 1 in March and April 2024. Kloster allegedly used a company credit card to make numerous personal purchases, including a thumb drive that was advertised as a means to hack into vulnerable computers.

The charges contained in this indictment are simply accusations, and not evidence of guilt. Evidence supporting the charges must be presented to a federal trial jury, whose duty is to determine guilt or innocence.

This case is being prosecuted by Assistant U.S. Attorneys Patrick Daly and Nicholas Heberle. It was investigated by the FBI and the Kansas City, Mo., Police Department.