FBI Google Mandiant Expose Jesse Kipf – Hacker Sting Operation
In a significant cybercrime case, the FBI, in collaboration with Mandiant and other law enforcement agencies, has successfully exposed and brought to justice Jesse Kipf, a prolific hacker who attempted to fake his own death to evade legal obligations.
Kipf, a 39-year-old resident of Somerset, Kentucky, was sentenced to 81 months in prison by U.S. District Judge Robert Wier for computer fraud and aggravated identity theft. The elaborate scheme involved Kipf accessing the Hawaii Death Registry System using the stolen username and password of a physician from another state. He created a fake death case, completed a State of Hawaii Death Certificate Worksheet, and even used the doctor's digital signature to certify his own death. This ruse resulted in Kipf being registered as deceased in numerous government databases, a tactic he employed partly to avoid his outstanding child support obligations.
Kipf's cybercrimes extended far beyond this singular incident. He infiltrated various state death registry systems, private business networks, and governmental and corporate networks by using stolen credentials. He then attempted to sell access to these compromised networks on the dark web, a clandestine part of the internet known for illicit activities. Kipf operated under several aliases, including "GhostMarket09," "theelephantshow," "yelichanter," and "ayohulk," and was linked to the notorious cybercrime group known as Scattered Spider (UNC3944), which is associated with several high-profile hacks, including the MGM Resorts hack.
The investigation that led to Kipf's capture was a collaborative effort involving the FBI, Mandiant, the Kentucky Attorney General’s Office, the Department of the Attorney General for Hawaii, and the Pulaski County Sheriff’s Office. A crucial breakthrough came when Kipf failed to use a VPN while accessing the Hawaii death registry systems, exposing his home IP address in Somerset, Kentucky. This oversight allowed investigators to trace the activities back to Kipf.
Mandiant's Senior Threat Analyst, Austin Larsen, played a key role in the investigation by manually reviewing thousands of messages sent by Kipf under his various online personas. This extensive review helped connect Kipf's activities to the broader cybercrime landscape, including his involvement with the Scattered Spider group.
The FBI's Special Agent Andrew Satornino and Assistant U.S. Attorney Kate Dieruf were also instrumental in the case. They discovered that Kipf had a history of cybercrime, including credit card fraud to purchase food from delivery services and using fake Social Security numbers to apply for loans. His computer contained over a dozen U.S. driver’s licenses, and he had hacked into vendors working with Marriott hotels, such as GuestTek and Milestone.
Kipf's confession and the evidence gathered led to a plea deal, where he admitted to causing nearly $80,000 in damages to government and corporate networks and $116,000 in unpaid child support. He also acknowledged his role in identity theft by using the stolen credentials of a doctor to create the fake death certificate.
Under federal law, Kipf must serve 85% of his prison sentence and will be under the supervision of the U.S. Probation Office for three years upon his release. The total damage from his activities, including the failure to pay child support, amounted to $195,758.65.
This case highlights the critical importance of computer and online security, as well as the collaborative efforts of law enforcement and cybersecurity experts in combating sophisticated cybercrimes.