cybersecurity

Kloster allegedly entered the premises of a business, identified in court documents as Company Victim 2, which operates multiple health clubs in Kansas and Missouri, shortly before midnight on April 26, 2024. The following day, Kloster sent an email to one of the owners of Company Victim 2, claiming that he had gained access to the computer system. Kloster also claimed to have “assisted over 30 small to medium-sized industrial businesses in the Kansas City, Missouri area” and attached a copy of his resume.

Following Kloster’s intrusion, the indictment says, employees with Company Victim 2 noted that Kloster’s monthly gym membership fee was reduced to $1, that his photograph was erased from the gym’s network, and determined that Kloster stole a gym staff nametag. A few weeks later, Kloster posted an image to a social media profile which appeared to be a screen capture of his desktop showing control of the security cameras for Company Victim 2, with a chatbox window with the message “how to get a company to use your security service.”

The federal indictment also charges Kloster with one count of causing reckless damage to a protected computer during unauthorized access.

Kloster allegedly entered the premises of a nonprofit corporation, identified in court documents as Company Victim 3, on May 20, 2024. Kloster entered an area that is not available to the public and accessed a computer with access to the company’s network. Kloster utilized a boot disk, the indictment says, which enabled him to access Company Victim 3’s computer through multiple user accounts. By accessing Company Victim 3’s computer in such a manner, the indictment says, the use of this boot disk enabled Kloster to circumvent the password requirements on Company Victim 3’s computer and change the password assigned to one or more of the users of Company Victim 3’s computer. Kloster was able to install a virtual private network on this computer. Since Kloster’s intrusion into its computer and its network, Company Victim 3 has sustained losses in excess of $5,000 in an attempt to remediate the effects from this intrusion.

In addition to these two victims, the indictment refers to a third victim, identified in court documents as Company Victim 1. According to the indictment, Kloster was employed by Company Victim 1 in March and April 2024. Kloster allegedly used a company credit card to make numerous personal purchases, including a thumb drive that was advertised as a means to hack into vulnerable computers.