Hacker Jesse Kipf hoped that COVID-19 would save him from the FBI

[Friend]

In October, hacker Jesse Kipf was arrested, accused of breaching the cybersecurity of several commercial companies and US health care systems. According to researchers, Kipf forged his death certificate to avoid punishment.

Initially, Kipf hacked into the networks of Guest-Tek Interactive Entertainment and Milestone Inc., which provide Internet services to guests of the Marriott hotel chain. This happened on February 12 and June 21, respectively, according to the Eastern District of Kentucky Prosecutor's Office.

According to police reports, Kipf sold the personal data of Marriott customers on a Russian forum. The charge includes identity theft, internet fraud and hacking of large organizations, including government ones.

Kipf was tracked by his personal IP address, which he used to access the Hawaii Department of Health's death registration system in January 2023. This is one of the resources in which the man, apparently, planned to record his death: government agencies in Connecticut, Vermont, Arizona, Tennessee and other states were also hacked.

Vermont officials told the FBI that a death certificate in Kipf's name was registered in their systems in May. However, a spokesman for the state health department assures reporters that no data was stolen.

As the cause of death in the fake certificate, the man indicated COVID-19. He subsequently decided to sell access to the hacked resources.

Kipf himself claims that he only tested government servers for vulnerabilities - all except Hawaiian.

• Source: https://www.justice.gov/usao-edky/case/united-states-v-jesse-e-kipf

• Source: https://www.justice.gov/d9/2023-11/Kipf Indictment.pdf

--------------------

On August 20, in the American city of London, Kentucky, a 39-year-old Somerset resident, Jesse Kipf, was sentenced to 81 months (6.75 years) in prison for computer fraud and identity theft. Kipf pleaded guilty to illegally gaining access to the Hawaii State Death Registration Computer System in January 2023.

Using the credentials of a doctor from another state, the defendant created a fictitious case about his death. After that, Kipf filled out a questionnaire for a death certificate and even digitally signed it by the same doctor in order to be registered as deceased in various government databases. One of the reasons for his actions was evasion of child support.

In addition, Kipf hacked into death registration systems in other states, and also penetrated the networks of private companies and government organizations. Using the stolen data, he tried to sell access to these networks on the dark web, which is often associated with illegal goods and services.

The United States Attorney for the Eastern District of Kentucky, Carlton Shier IV, called the scheme tactless and cynical, noting that such crimes underscore the importance of computer security. He also added that this case will be a warning to other cybercriminals.

Michael E. Stansbury, the FBI's special agent in Louisville, stressed that victims of identity theft can face lifelong consequences, and the FBI will prosecute those who commit such crimes.

Under federal law, Kipf is required to serve at least 85% of his sentence in prison. After his release, he will be closely monitored for another three years. The damage caused to state and corporate computer systems, as well as unpaid alimony, amounted to almost 196 thousand dollars.

This case clearly demonstrates that attempts to evade responsibility by resorting to cybercrimes can lead to much more serious consequences than those that tech-savvy computer users usually try to avoid. The technologies used by attackers to deceive inevitably backfire, highlighting the importance of digital security and the need for strict measures to protect personal data.

• Source: https://www.justice.gov/usao-edky/p...cyber-intrusion-and-aggravated-identity-theft

 

[Friend]

A 39-year-old man from Kentucky was sentenced to 81 months (almost 7 years) in prison for identity theft and hacking into a state registry in order to fake his own death. In this way, he hoped to avoid paying alimony in the amount of about $116,000.

According to the U.S. Department of Justice, last year, Jesse Kipf hacked into Hawaii's death registration system using credentials stolen from an unnamed doctor. After the break-in, Kipf declared himself dead to avoid paying child support.

"In January 2023, Kipf gained access to the death registration system in Hawaii using the username and password of a doctor living in another state, and opened a 'case' about his death," law enforcement officers say. "Kipf then filled out the Hawaii State Death Certificate form, appointed himself as a medical examiner in the case, and witnessed his own death using the doctor's [stolen] digital signature."

As a result, Kipf began to appear in the US government databases as dead, which effectively canceled his outstanding alimony obligations. However, he did not stop there and for several months implemented the same scheme, hacking state registries in the states of Arizona and Vermont, as well as "private business networks, government and corporate networks", using credentials that he "stole from real people." He then tried to sell access to compromised networks on the dark web.

In particular, it is reported that Kipf compromised two companies that provide services for hotels (Guest-Tek Interactive Entertainment Ltd. and Milestone, Inc.) in order to steal more data from them for sale on the dark web.

Investigators also found evidence of other fraudulent schemes on Kipf's devices, including databases with social security numbers and medical records, "which he sold to international buyers, including individuals from Algeria, Russia and Ukraine."

In addition, it is reported that he used a fake social security number to open a credit and debit account at an unnamed financial institution and tried to "live under a new identity."

The FBI investigators who led the investigation comment that "the defendant, who hacked into multiple computer systems and intentionally stole someone else's personal data for his own gain, will now pay the price."

In the end, Kipf admitted that his activity was aimed at evading child support, but this happened after investigators seized his devices, including memory cards, external hard drives and an HP laptop. On the devices, investigators found evidence that Kipf was looking for information about whether a staged death could save him from alimony. So, in the search history, the following queries were found: "alimony debt in California, father died" and "remove alimony from the deceased in California."

Although Kipf could have received more than 30 years in prison for his crimes, he was sentenced to 81 months in prison on a number of charges, including computer fraud and aggravated identity theft. The damage from his actions, including unpaid alimony, is estimated at more than $195,750.

Kipf must serve at least 85% of his prison term, i.e. at least 69 months (more than 5.5 years), and after his release, he will be under the supervision of the authorities for another three years.

Interestingly, according to The New York Times, prosecutors called Kipf "a classic repeat offender with an impressive criminal history," since back in 2010 he was convicted in Nebraska on "charges of illegally possessing four or more financial transaction devices," and in Kentucky he was charged "in connection with using stolen credit card numbers to buy food in such applications, like DoorDash."

Kipf's lawyer argued that his client was a military veteran suffering from "psychological trauma" after serving in Iraq from June 2007 to May 2008. Allegedly, after Kipf was "honorably discharged" in 2009, he "struggled with drug addiction," which "led to an increase in careless and illegal behavior."