Related Post
On the morning of January 20, 2023, a doctor’s user account logged into Hawaii’s electronic death registration system from out of state to certify the death of a man named Jesse Kipf.
The death certificate stated that it was due to acute respiratory distress syndrome caused by the “Covid-19” virus a week ago. Thus, Kiev was registered as deceased in several government databases, according to the TechCrunch website.
On the same day, a hacker known as “FreeRadical” posted the same death certificate on a hacking forum, trying to make a profit by selling the loophole he obtained to hack the system. “The access level is Medical Certificate which means you can create a death certificate in this panel,” he wrote.
In the post, the hacker included a partial screenshot of the fake death certificate, but he made a critical mistake, as Free Radical forgot to delete the alleged person’s date of birth on the death certificate and left a small portion of the state government seal in the corner of the screenshot.
On the other side of the country in Colorado, Austin Larson, a senior threat analyst at Google’s cybersecurity company Mandiant, followed the online post as part of routine information gathering, which includes monitoring cybercrime forums.
By focusing on a badly cropped screenshot of the fake death certificate, Larson and his colleagues realized that the forum post was evidence that Free Radical had hacked the Hawaii state government.
Three days after the hacked forum post was found, Larsen notified Hawaii state officials that its government systems had been hacked.
Thus began a federal investigation, revealing that the account of the doctor responsible for submitting the death certificate had been hacked by the alleged deceased, Kipf. Prosecutors alleged in a court document that Kipf faked his death to avoid paying his ex-wife about $116,000 to support their daughter.
Prosecutors described Kipf as a “serial hacker” with extensive technical knowledge to make a living by stealing from others. But he made a series of mistakes, the most important of which was his use of the home Internet to connect directly to the death registration system in Hawaii, which made it easier for federal agents to arrive at his door and arrest him.
According to the investigation, Kipf apparently forgot to use a VPN at least once when accessing death registration systems in Hawaii, which led to his IP address being exposed in Somerset, Kentucky. According to Larsen and court documents.
When the FBI was able to examine Kipf’s devices, previous searches were found in his Google browsing history indicating that he was trying to find information on how to avoid paying child support.
The US Department of Justice filed criminal charges against Kipf for a series of hacking crimes. Prosecutors alleged that he hacked into the computer systems of three states, as well as two companies in the hotel supply chain.
The FBI special agent stated that Kipf committed fraud using credit cards to purchase food from food delivery services and was arrested for that in 2022. He also used fraudulent Social Security numbers to apply for loans, had more than 12 driver’s licenses on his computer, and hacked into supply companies. Hotels affiliated with Marriott.
It is possible that Kipf obtained the credentials he used to hack into Hawaii from information-stealing software known as “InfoStealer” and hacked into the computer of the doctor, whose name was not mentioned, and then moved to a hacker’s Telegram channel and used the alias “GhostMarkter09.” (GhostMarket09) to run a credential theft service, Larsen said.
“I would say he was an ordinary hacker. It seemed like he wasn’t afraid of the consequences either,” Larsen said. “He was involved in other parts of the criminal community, but really his role was to sell credentials to enable other hacks.”
Kipf was eventually sentenced to 81 months in prison under federal law.
