A Small Mistake Helps the FBI Catch "Dead" Hacker

TECHCRB
Prosecutors claim that Jesse Kipf, a hacker with extensive technical knowledge, makes a living by stealing from others (Migshots Zone).

On the morning of January 20, 2023, an account linked to a doctor logged into Hawaii’s electronic death registration system from outside the state to certify the death of a man named Jesse Kipf.

The death certificate cited acute respiratory distress syndrome caused by COVID-19 as the cause of death. With this entry, Kipf’s death was recorded in multiple government databases, according to TechCrunch.

On the same day, a hacker known as FreeRadical posted the forged death certificate on a hacking forum, attempting to profit by selling the vulnerability he exploited to breach the system. "The access level is at medical certification, meaning you can create a death certificate on this panel," FreeRadical wrote.

The hacker included a partial screenshot of the fake certificate in his post, but he made a critical error: he failed to remove the supposedly deceased person's date of birth from the document and left part of the state’s seal visible in the corner of the screenshot.

Across the country in Colorado, Austin Larson, a senior threat analyst at Google-owned cybersecurity firm Mandiant, spotted the post as part of his routine online monitoring of cybercrime forums.

Upon closely examining the poorly cropped screenshot of the fake death certificate, Larson and his team realized it was evidence that FreeRadical had compromised the Hawaii government system.

Just three days after discovering the forum post, Larson notified Hawaii state officials of the security breach in their government systems.

This led to a federal investigation, which found that the doctor's account responsible for certifying the death had been accessed by the allegedly deceased Kipf himself. Prosecutors allege that Kipf faked his death to avoid paying around $116,000 in child support to his ex-wife.

Prosecutors described Kipf as a serial hacker who used his broad technical knowledge to steal from others. But he made several critical mistakes, including using his home internet to connect directly to Hawaii's death registration system, which made it easier for federal agents to trace him back to his home.

According to the investigation, Kipf apparently forgot to use a VPN at least once when accessing Hawaii’s death registration system, exposing his IP address in Somerset, Kentucky, as Larson and court documents noted.

A forged death certificate led to the arrest of Kipf and to further investigation into his alleged cyber activities and identity theft schemes (Mandiant).

When the FBI examined Kipf’s devices, they found prior Google searches indicating he had been looking for information on how to avoid child support payments.

The U.S. Department of Justice has charged Kipf with a series of hacking crimes. Prosecutors allege he hacked into computer systems across three states and two companies within the hotel supply chain.

An FBI special agent stated that Kipf had committed credit card fraud to order food through delivery services, leading to his arrest in 2022. He also used fake Social Security numbers to apply for loans, possessed more than 12 driver’s licenses on his computer, and hacked hotel supply companies associated with Marriott.

Kipf likely obtained the credentials used in the Hawaii breach through infostealer malware that compromised the computer of an unnamed doctor. He then accessed a Telegram channel for hackers, using the alias GhostMarket09 to operate a credential-stealing service, according to Larson.

“I’d say he was an average hacker,” Larson remarked. “He didn’t seem worried about the consequences, either,” adding, “He was involved in other areas of the criminal community, but his main role was selling credentials to enable other hacks.”

In the end, Kipf was sentenced to 81 months in federal prison.
