Nicholas Michael Kloster, a 32-year-old man from Kansas City, Missouri, was charged last year with unauthorized access to protected computers, obtaining information, and causing reckless damage during unauthorized access. The bold and unusual methods he used to access the systems of at least three organizations, primarily to promote his own cybersecurity services, have made him somewhat of a funny folk hero here at SparTech Software.
Details of the Crimes
Health Club Incident (April 26, 2024)
His crime spree began in April 2024. Kloster, a member at a health club chain in Kansas and Missouri, entered the premises just before midnight and accessed a company computer. He granted himself network credentials, altered his membership fee to $1, erased his photograph from the system, and gained unauthorized access to the gym’s security cameras. The next day, he emailed the company’s owner, detailing his actions and offering his cybersecurity services, claiming to have helped dozens of businesses in the area.
He later posted a screenshot of the security camera interface on social media with the caption, “How to get a company to use your security service”.
Nonprofit Organization Breach (May 20, 2024)
On May 20, 2024, Kloster snuck into the restricted area of a nonprofit that was not open to the public. Once inside, he accessed a computer connected to the organization’s network. He then used a boot disk (how old was this computer?!?) to bypass security and gain access to multiple user accounts. By doing so, he was able to circumvent the normal password requirements, changing the passwords for one or more users. He then installed a virtual private network (VPN) on the nonprofit’s computer, presumably so he could “break in” to the computer at a later date.
Former Employer Incident
Before these events, Kloster used a company credit card from his previous employer to make unauthorized purchases, including a thumb drive equipped with hacking tools that he presumably hoped would give him superhero-like cybersecurity powers.
Prosecution and Guilty Plea
Alas, all good criminal runs must come to an end. Kloster was indicted in November 2024 by a federal grand jury on charges of unauthorized computer access and causing reckless damage to protected computers. Prosecutors described his actions as “bold rather than sophisticated,” and noted that he targeted organizations in an effort to impress them and advertise his cybersecurity services.
On June 25, 2025, Kloster pleaded guilty to computer hacking. He admitted to causing damage to protected computers and faces a potential sentence of up to five years in federal prison, a $250,000 fine, and three years of supervised release. He has also been ordered to pay restitution to the victims for the damages caused by his actions. (Some earlier reports suggested a possible sentence of up to 15 years, but the most recent court documents and news indicate up to five years is the likely maximum for the plea agreement.)
