Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months in prison

A Kentucky man who hacked into a state registry and faked his own death to avoid paying child support was sentenced to 81 months in prison Monday.

In January 2023, Jesse Kipf used stolen doctor credentials to access the Hawaii Death Registry System, where he filed and “confirmed” his own death – thus avoiding paying over $116,000 in owed child support.

In addition, he used stolen credentials to hack into other government death registration systems as well as “government and corporate networks” and attempted to sell access to these facilities on the dark web.

“Working with our law enforcement partners, this defendant who hacked a number of computer systems and maliciously stole the identities of others for his own benefit will now pay the price,” said Michael E. Stansbury, special agent in charge of the FBI's Louisville Field Office. Kipf was convicted of computer fraud and aggravated identity theft.

In March 2023, the Hawaii Department of Health began sending breach notifications after being notified by cybersecurity firm Mandiant that the credentials of an external medical death certificate examiner account had been sold on the dark web. The account belonged to a death certificate examiner who worked for a local hospital but left the job in 2021.

According to the Ministry of Health's press release, the hacker gained access to the account on January 20, 2023 – the same month that Kipf broke into the system.

That same year, Kipf also used stolen credentials to access networks owned by Guest-Tek Interactive Entertainment Ltd. and Milestone, Inc., specifically networks related to the companies' relationships with hotel chains, including Internet connectivity services.

According to a sentencing memorandum by Assistant U.S. Attorney Kathryn M. Dieruf, Kipf offered tips for accessing death registration systems for sale on dark web forums and sold Russian customers access to the hacked databases of at least one company. Other international buyers of stolen personal information came from Algeria and Ukraine, according to court documents.

Dieruf called for a seven-year prison sentence – three months more than the one Kipf was sentenced to – while also asking the judge to send a message to cybercriminals.

“Individuals in similar situations must recognise the real danger they pose to victims and not allow fear of punishment to deter them from engaging in criminal activity online,” she wrote.

“The cloak of anonymity offered by the dark web is too tempting without the constant threat of being brought to justice and serving a long prison sentence.”

Learn more.