KANSAS CITY, Mo. – Nicholas Michael Kloster, 32, pleaded guilty today to felony computer intrusion charges after hacking into a local nonprofit’s secured network.
The breach, which occurred on May 20, 2024, involved unauthorized physical access to restricted systems and sophisticated digital exploits, and resulted in “significant losses” from remediation efforts.
Unauthorized Physical Access and System Intrusion
Kloster admitted to entering a non-public area of the nonprofit’s premises, where he directly accessed an administrative workstation with elevated network privileges.
Using a bootable USB device (e.g., Hiren’s BootCD), he bypassed authentication protocols to load a preinstallation environment (PE).
This allowed him to reset local account credentials via Windows SAM database manipulation, granting himself persistent access.
Kloster then deployed a Layer 2 Tunneling Protocol (L2TP) VPN to establish covert remote connectivity, embedding backdoor access into the organization’s infrastructure.
Technical Exploitation and Network Compromise
The defendant exploited privilege escalation vulnerabilities to traverse the nonprofit’s Active Directory (AD) domain.
By compromising domain-joined workstations, he extracted Kerberos tickets and harvested credentials through LSASS memory dumping.
Forensic analysis revealed persistence mechanisms, including scheduled tasks (schtasks.exe) and registry run keys (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run).
These actions triggered a NIST SP 800-53 Incident Response protocol, requiring full network segmentation, IOC (Indicator of Compromise) scanning, and system reimaging.
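For defenders, the two persistence mechanisms named above (scheduled tasks created with schtasks.exe and values written under the HKLM Run key) can be hunted in endpoint telemetry. The following is an added example, not material from the court record or the investigation; the event field names and all sample events are constructed assumptions, loosely modeled on Sysmon process-creation (ID 1) and registry-value-set (ID 13) records.

```python
import re

# Constructed sample events, shaped like Sysmon process-creation (ID 1) and
# registry-value-set (ID 13) records. None of these values come from the case.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS-01", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /Create /TN "Updater" /TR C:\Users\Public\u.exe /SC ONLOGON'},
    {"id": 1, "host": "WS-01", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /Query /FO LIST"},
    {"id": 13, "host": "WS-02", "details": r"C:\ProgramData\sync.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sync"},
    {"id": 13, "host": "WS-02", "details": "DWORD (0x00000001)",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

# The Run key named in the article, accepting either hive spelling and any case.
RUN_KEY = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run\\(?P<value>[^\\]+)$", re.IGNORECASE)
# schtasks.exe switches that register or modify a task (not /Query, /Run, ...).
TASK_WRITE = re.compile(r"(?:^|\s)/(?:create|change)(?=\s|$)", re.IGNORECASE)
TASK_ARG = r'(?:^|\s)/{}\s+("[^"]*"|\S+)'


def _arg(cmdline, switch):
    """Return the value following a schtasks switch such as /TN, or None."""
    m = re.search(TASK_ARG.format(switch), cmdline, re.IGNORECASE)
    return m.group(1).strip('"') if m else None


def find_persistence(events):
    """Return (host, mechanism, name, target) for each matching event."""
    hits = []
    for ev in events:
        if ev["id"] == 1 and ev["image"].lower().endswith("\\schtasks.exe"):
            if TASK_WRITE.search(ev["cmdline"]):
                hits.append((ev["host"], "scheduled_task",
                             _arg(ev["cmdline"], "tn"), _arg(ev["cmdline"], "tr")))
        elif ev["id"] == 13:
            m = RUN_KEY.match(ev["target"])
            if m:
                hits.append((ev["host"], "run_key", m.group("value"), ev["details"]))
    return hits


if __name__ == "__main__":
    for hit in find_persistence(SAMPLE_EVENTS):
        print(hit)
```

Hits from a rule like this are leads for review rather than verdicts, since legitimate installers also create tasks and Run values.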
Legal Consequences and Restitution
Kloster faces up to five years’ imprisonment under 18 U.S.C. § 1030(a)(5)(B) for “reckless damage to a protected computer,” alongside a $250,000 fine and mandatory restitution.
The U.S. Probation Office will conduct a PSR (Presentence Investigation Report) assessing CVE-based exploit impact scoring before sentencing.
Assistant U.S. Attorneys Nicholas Heberle and Patrick D. Daly emphasized that “bypassing authentication controls to implant remote-access tools constitutes felony cyber intrusion, regardless of motive.”
The joint FBI–Kansas City PD investigation underscores rising threats to nonprofit digital infrastructure.
Remediation costs included SANS FOR508-level forensic analysis and NIST CSF (Cybersecurity Framework) realignment, highlighting critical gaps in physical access controls and endpoint detection and response (EDR) configurations.