A hacker has pleaded guilty to cybercrimes he committed when trying to promote his own “cybersecurity business.”
Kansas man Nicholas Michael Kloster, 31, has pleaded guilty to hacking into a non-profit organization following his original indictment in November 2024.
Kloster admitted to using a boot disk to access the organization’s computer through various user accounts.
A boot disk is a storage device like a USB flash drive, CD or DVD, or external hard drive that contains the components necessary to start up (or boot up) a computer’s operating system.
Threat actors could employ a boot disk for malicious purposes, like bypassing security controls on a victim’s systems, installing malware, or stealing sensitive data.
In this case, Kloster used the boot disk to “circumvent the password requirements by changing the password assigned to one or more users,” the Department of Justice (DoJ) said.
Once in the system, Kloster then installed a virtual private network (VPN), presumably to access content on the network remotely.
“Since Kloster’s intrusion into its computer and its network, the company has sustained significant losses in an attempt to remediate the effects of this intrusion,” the DoJ said.
Kloster faces up to five years in prison and a fine of $250,000.
According to the DoJ, Kloster was previously indicted for several crimes involving computer intrusion.
Kloster allegedly breached a business known in court documents as “Company Victim 2,” which operates various gyms.
Previous media reports that Kloster accessed the gym’s computer system, which allowed him to remotely access its security cameras.
While hacking the gym, Kloster supposedly reduced his membership to $1 and removed his image from the health club’s systems.
The hacker allegedly did this to promote his own cybersecurity services and claimed to have helped other businesses in the area, according to Security Week.
Your email address will not be published. Required fields are markedmarked