Jesse Kipf is no ordinary hacker because he faked his own death and hacked security systems. Kipf wanted to evade paying alimony to his ex-wife for a rather strange and unrelated reason. Behind this apparently bizarre excuse is a history of intrusions and damage the hacker caused to many companies until a cyber expert caught him red-handed.

The fake suicide took place on 20 January 2023, when the death of Jesse Kipf, caused by acute respiratory distress syndrome motivated by COVID-19, was recorded from the account of a doctor in Hawaii via foreign access. Thus, Kipf’s death ended up in various government databases, like many others. A few hours later, a hacker nicknamed ‘Free Radical’ posted the identical death certificate on a hacking forum to monetise access to the system.

In sharing the post, Kipf included some details of the fake death certificate, but most importantly, he did not delete the birth status of the deceased, leaving part of the government logo visible. Precious clues for a cybersecurity veteran like Austin Larsen, an analyst at Mandiant, a Google-owned company, who with his team spotted the post online, sensing the violation of the Hawaiian government committed by the author, who had hacked into the account of a state doctor. Thus, a federal investigation was launched, which led back to Kipf, the same person who died, according to the mendaciously recorded documents. Reconstructing the hacker’s life, it was thus established that Kipf owed his former life partner more than $115,000 in child support. What surprised investigators most, however, was another glaring mistake the computer criminal had made in staging his death.

Never forget the VPN

Although described as a ‘serial hacker’ with ‘extensive technical knowledge of how to make a living by stealing from others’, Kipf had used the Internet network of his home in Somerset, Kentucky, to connect to Hawaii’s death registration system. Forgetting to use a VPN was the misstep that allowed federal agents to solve the case.

According to the US Department of Justice’s reconstruction, Kipf had hacked computer systems in Hawaii, Vermont, and Arizona, as well as hotel chains such as Marriott hotels and GuestTek Interactive Entertainment, Ltd. and Milestone, Inc. operationally. However, Kipf was a hacker who broke into systems and sold access to the same systems to other cybercriminals. More than a dozen fake driver’s licences and social security numbers stolen from other people were found on his computer, as well as credit card fraud to buy food at home, a crime for which he was arrested in 2022. Also, in the past, the personal information of hacking victims that Kipf sold to cybercriminals in Russia, Ukraine and Algeria.

With so much evidence of his misconduct, Kipf admitted to formally causing nearly $80,000 in damage to government and corporate networks whose computer defences he hacked. He admitted to stealing the identity of the Hawaii doctor in order to register his (faked) death. The prosecution asked for seven years in prison, while the sentence handed down in August puts Kipf behind bars for 81 months.

Who knows whether, once caught by federal agents, the hacker rethought his mistakes and why he did not use his computer skills to obtain the money to give to his ex-wife illegally. He will now have plenty of time to reflect on these reasons.