In a bizarre attempt to dodge $116,000 in child support, Jesse Kipf, a Kentucky-based “serial hacker,” successfully registered his own death in the Hawaii Electronic Death Registration System. On January 20, 2023, Kipf used stolen credentials from a doctor to certify his demise, citing “acute respiratory distress syndrome” due to COVID-19. The elaborate ruse, however, unraveled due to a series of amateurish mistakes that led federal agents directly to his doorstep.
The Blunder That Exposed the Scheme
Kipf’s undoing began when he posted the fake death certificate on a hacking forum under the alias “FreeRadical,” attempting to monetize his system access. In his haste, he failed to properly redact the document, leaving a visible state government seal and birth state. Austin Larsen, a senior threat analyst at Mandiant, identified the post during routine monitoring. By tracing the digital footprint, Mandiant alerted Hawaii officials to the breach within three days.
From “GhostMarket09” to Federal Custody
The investigation revealed that Kipf was a prolific “initial access broker.” Operating under aliases such as “GhostMarket09,” “theelephantshow,” and “ayohulk,” he specialized in breaching systems and selling the data. Mandiant’s research linked his activities to the broader cybercriminal ecosystem, including connections to the notorious “Scattered Spider” group and the “Com” syndicate, which has been associated with various violent crimes.
Despite his technical background, Kipf’s operational security was shockingly poor. He frequently accessed government and corporate systems—including Marriott hotel vendors—directly from his home IP address in Somerset, Kentucky, without the protection of a VPN. When questioned by the FBI, Kipf admitted that his lack of caution stemmed from sheer laziness and a complete disregard for consequences.
A Trail of Digital Destruction
Kipf’s criminal reach extended far beyond his own death certificate. During his interrogation, he confessed to:
- Accessing death registry systems in Arizona, Connecticut, Tennessee, and Vermont.
- Filing a fraudulent death certificate in Arizona for a person named “Crab Rangoon.”
- Selling stolen personal data to buyers in Algeria, Russia, and Ukraine.
- Targeting Marriott hotel vendors, GuestTek, and Milestone, executing over 1,400 unauthorized access attempts.
The FBI, working alongside the National Cyber Forensics Training Alliance, eventually gathered enough evidence to secure a conviction. Kipf entered a plea deal, admitting to identity theft and causing nearly $80,000 in damages to the organizations he compromised.
Sentencing and Legal Repercussions
Prosecutors characterized Kipf as a menace who viewed cybercrime as a full-time career. Assistant U.S. Attorney Kate Dieruf argued that his attempt to “kill himself off” was a calculated move to re-victimize his daughter and ex-wife. While the defense cited struggles with drug addiction and mental health issues stemming from military service, the court remained unmoved by the severity of the breaches.
In August 2024, Kipf was sentenced to 81 months in federal prison. Under U.S. law, he is required to serve at least 85% of his sentence, ensuring he remains off the grid for the next several years. The Department of Justice confirmed the finality of the case, marking the end of a hacker’s attempt to erase his existence through digital fraud.