A photo of the fake death certificate filed by Jesse Kipf using a doctor’s stolen credentials. Image Credits: Mandiant (provided)
Jesse Kipf was a prolific hacker who sold access to systems he hacked, had contacts with a notorious cybercrime gang, and tried to use his hacking skills to get off the grid for good.
In the early hours of January 20, 2023, a doctor’s user account logged onto the Hawaii Electronic Death Registration System from out of state to certify the death of a man named Jesse Kipf. The death certificate listed the cause as “acute respiratory distress syndrome” due to COVID-19 a week before. And with that, Kipf was unceremoniously recorded as deceased in several government databases.
On the same day, a hacker nicknamed “FreeRadical” posted the same death certificate on a hacking forum in an attempt to monetize the access they had to the system. “Access level is medical certifier which means you could create and certify a death in this panel,” the hacker wrote.
In the post, the hacker included a partial screenshot of the fake death certificate, but they also made a crucial mistake. FreeRadical forgot to redact the purported state of birth of the person in the death certificate and left a small part of the state government’s seal showing in the corner of the screenshot.
On the other side of the country in Colorado, Austin Larsen, a senior threat analyst at Google’s cybersecurity firm Mandiant, along with his colleagues, spotted the post online as part of their everyday threat intelligence gathering, which includes monitoring cybercrime forums. By homing in on the badly cropped screenshot of the fake death certificate, Larsen and his colleagues realized the forum post was evidence FreeRadical had hacked the U.S. state government of Hawaii.
Three days after discovering the hacking forum post, Larsen notified Hawaii state officials that its government systems had been hacked.
“It is likely the actor compromised a medical certifier account,” the notification read, according to a screenshot of Larsen’s message shared with TechCrunch in an interview earlier in September.
Larsen’s warning set in motion a federal investigation that would reveal that the doctor’s user account used to file the death certificate was compromised by none other than Jesse Kipf himself, the person who had supposedly died. Prosecutors would later allege in a court document that Kipf faked his own death to avoid paying his ex-wife around $116,000 owed to support their daughter.
Kipf, whom prosecutors later called a “serial hacker” with “ample technical knowledge towards making a living by stealing from others,” had made a series of mistakes, including using his home internet from Somerset, Kentucky, to directly connect to the Hawaii death registration system, which eventually led federal agents right to his door.
As a result, the U.S. Department of Justice criminally charged Kipf in late November 2023 with a series of hacking crimes. Kipf, prosecutors alleged, had hacked computer systems belonging to three U.S. states, as well as two vendors of large hotel chains. The Department of Justice’s press release, as well as the indictment published at the same time, did not include many of the details of what prosecutors had claimed Kipf had done. Forbes had reported a few days earlier that Kipf allegedly hacked the Hawaii Department of Health.
Earlier in September, Mandiant’s Larsen, along with FBI Special Agent Andrew Satornino, and Assistant U.S. Attorney for the Eastern District of Kentucky Kate Dieruf, sat down with TechCrunch to reveal how they caught Kipf and brought him to justice. The three spoke to TechCrunch ahead of a talk they gave at the Mandiant cybersecurity conference, mWISE.
Kipf, according to Larsen, Satornino, and Dieruf, as well as the court documents of his case, was a prolific hacker with multiple identities.
Satornino said Kipf was an “initial access broker,” meaning a hacker who breaks into systems and then tries to sell access to those systems to other cybercriminals. In affidavits supporting search warrants against Kipf, the FBI special agent wrote that Kipf had committed credit card fraud to purchase food from food delivery services — and was arrested for it in 2022; used fake Social Security numbers to apply for loans; had more than a dozen U.S. driver’s licenses on his computer; and had hacked Marriott hotel vendors.
Kipf likely got the credentials he used in the Hawaii hack from information-stealing malware that infected the unnamed doctor’s computer, which then ended up on a Telegram channel for hackers. Kipf used the nickname “GhostMarket09” to run a credential stealing service, Larsen said.
Apart from GhostMarket09, Larsen said that Mandiant identified several other monikers that Kipf used on different hacking forums, as well as Telegram, which included: “theelephantshow,” “yelichanter,” and “ayohulk.” Having that list of monikers, Larsen said he manually reviewed thousands of messages sent by Kipf under his various online personas, going through a database that Mandiant created by scraping the hacking forums, “semi-public chats,” and Telegram channels.
Larsen said that Mandiant identified the FreeRadical and GhostMarket09 personas as being connected to what the company calls UNC3944, or Scattered Spider, a prolific hacking and cybercrime group allegedly behind the MGM Resorts hack, and linked to the wider criminal underworld behind a string of violent crimes known as “the Com.”
According to Larsen, Kipf — as GhostMarket09 — provided stolen credentials for the shipping giant UPS to an alleged member of the Com who uses the moniker “lopiu” or “lolitleu.” Larsen said that Kipf was not part of the Com, but part of the cybercriminal ecosystem enabling it.
“I would say he’s a run-of-the-mill hacker. It feels like he didn’t have fear of consequences either,” said Larsen. “He was adjacently involved in other parts of the criminal community, but really, where he came into play was selling credentials to enable other intrusions.”
In parallel, and unbeknownst to Mandiant, the FBI had received a report from the National Cyber Forensics Training Alliance, a nonprofit that monitors the dark web and collaborates with law enforcement and the private sector, which included a series of nicknames used on the dark web by a hacker located in Kentucky.
The investigation led to Kentucky because Kipf had apparently forgotten to use a VPN at least once when accessing the Hawaii death registration system, exposing his Somerset, Kentucky, home IP address, according to Larsen and court documents.
Then, in May 2023, Hawaii’s Attorney General’s Office, which was investigating the hack of its death registry, alerted the Kentucky Attorney General’s office that someone in the southeastern state used the login credentials of a real doctor, who had “system level entitlements to input death worksheets,” to access the Hawaii death registration system and register a death certificate for a man named Jesse Kipf, according to a court document.
On July 13, 2023, U.S. federal agents arrested Kipf at his home in Somerset and took him into custody. In a previous interview with the authorities, Kipf admitted to a series of cybercrimes, which he said allowed him to not have a regular job for five years.
“How did you let your IP slip?” the interviewers asked Kipf, referring to the home IP address Kipf used to connect to the Hawaii system. “Just laziness… I just super didn’t care anymore,” Kipf answered, according to a partial transcript of the interview. Kipf said that he “quit giving a f—.”
In fact, later in the investigation, the authorities determined that Kipf had used his same home IP address to attempt to “access, and extract data from Marriott internet domains and internal servers” between February 9 and May 22, 2023 — a total of 1,423 times. The goal there, according to Satornino, was to sell access to those networks to other hackers on forums used by cybercriminals.
Kipf also said in the interview that he had accessed the death registration systems of Arizona, Connecticut, Tennessee, and Vermont, just to see how easy it would be, the court document said. In Arizona’s death registry system, Kipf successfully filed a death certificate where he put the name “Crab Rangoon” — a type of cheese-filled crispy Chinese wonton — as the name of the deceased, according to a screenshot of the certificate seen by TechCrunch.
He did, however, have some semblance of a plan. Kipf told interviewers that he had created a fake credit profile with a false Social Security number so as to use it after he faked his death, according to court documents.
The hacker also confessed to selling the personal data of hacking victims to people in Algeria, Ukraine, and Russia, and providing access information for a Marriott vendor system to Russians, court documents show.
Once the FBI was able to go through Kipf’s devices, they found past Google searches in his browsing history suggesting he was trying to find information on how to avoid paying child support, said Satornino.
Finally, Kipf was also accused of hacking into GuestTek and Milestone, two vendors who worked with Marriott hotels. In those hacks, too, Kipf used his home IP address.
Perhaps because of all the evidence Mandiant and the FBI had gathered on Kipf’s history of cybercrime, and his confession in the interview with the authorities, the hacker reached a plea deal with prosecutors. Kipf officially admitted to causing close to $80,000 in damages to the government and corporate networks he hacked, and $116,000 for the unpaid child support for his ex-wife. He also admitted to identity theft, for using the doctor’s stolen credentials in the Hawaii hack to create the death certificate.
“The Defendant is a serial hacker, stealing personal identifying information and infiltrating protected computer networks of businesses and governmental entities with abandon,” Dieruf wrote in a memorandum asking the court to sentence Kipf to seven years in prison. “He caused substantial damage, both monetarily and in the form of technical responses, to his corporate and governmental victims.”
Dieruf added: “By attempting to kill himself off to avoid child support obligations, [Kipf] continued to re-victimize his daughter and her mother, who are owed more than $116,000 in child support obligations.”
In the sentencing memorandum filed by Kipf’s lawyer, Thomas Miceli, the lawyer conceded that Kipf “understands and does not deny the seriousness of his conduct.” Miceli, who did not respond to TechCrunch’s request for comment, wrote at the time that Kipf was diagnosed with paranoid delusions and schizophrenic tendencies, and that his “mental health spiraled after the end of his military service” in Iraq, which “increased his drug addiction.”
Kipf was sentenced to prison for 81 months, just shy of seven years. According to the Department of Justice press release announcing his sentencing in August, Kipf must serve at least 85% of his prison sentence — more than five years — under federal law.