A hacker who impersonated a doctor and faked his own death is now behind bars. Jesse Kipf, 39, was sentenced to nearly seven years in jail by a US District Judge after being found guilty of computer fraud and aggravated identity theft.
According to a statement from the Eastern District Court of Kentucky, Kipf hacked into the Hawaii Death Registry System and created a false death certificate to avoid paying $116,000 in child support. The United States Attorney’s Office revealed that Kipf used the username and password of another physician residing out of state to gain access to the registry.
Once inside the system, Kipf created a “case” for his own death and filled out the accompanying State of Hawaii Death Certificate Worksheet. After completing the task, Kipf signed off on the bogus certificate, rendering him officially dead in multiple government databases.
A dark net conspiracy
In addition to faking his death, Kipf used the stolen login credentials to access “private business networks, and governmental and corporate networks.” The USAO claims that Kipf “tried to sell access to these networks to potential buyers on the dark net.”
A breach uncovered
Kipf’s ruse came to an end in March 2023 when Hawaii’s Department of Health was notified of a breach by cybersecurity firm Mandiant. According to Mandiant, they had been tipped off that the credentials of a medical death certificate account had been sold on the dark net. Mandiant stated that while the credentials were genuine, the person they belonged to had left the job in 2021.
“Working in collaboration with our law enforcement partners, this defendant who hacked a variety of computer systems and maliciously stole the identities of others for his gain, will now pay the price,” said Michael E. Stansbury, Special Agent in Charge at the FBI’s Louisville Field Office.
“This scheme was a cynical and destructive effort, based in part on the inexcusable goal of avoiding his child support obligations,” commented Carlton S. Shier, IV, United States Attorney for the Eastern District of Kentucky. “This case is a stark reminder of how damaging criminals with computers can be, and how critically important computer and online security is to us all.”
“Fortunately, through the excellent work of our law enforcement partners, this case will serve as a warning to other cyber criminals, and he will face the consequences of his disgraceful conduct,” Shier added.
Assistant U.S. Attorney Kathryn M. Dieruf revealed that in addition to selling at least one company’s hacked databases to Russian buyers, Kipf was also reportedly offering lessons on how to access death registry systems. Court documents state that Kipf had also sold the stolen data to buyers in Algeria and Ukraine.
During the sentencing, Dieruf urged the judge to use Kipf as a warning to others who may attempt similar crimes. “Similarly situated individuals must see the real danger they present to victims and be deterred from engaging in online criminal conduct by the fear of punishment,” she wrote.
Justice served
According to federal law, Kipf “must serve 85 percent of his prison sentence.” The total amount of damages caused by Kipf, plus the amount he owes in child support, comes to $195,758.65.
This case underscores the importance of robust cybersecurity measures and serves as a reminder of the severe consequences that await those who exploit digital systems for personal gain.