Kentucky man gets 81 months in prison for cyber fraud to fake his own death
Deadbeat parents across America are responsible for more than $113 billion in unpaid child support payments, according to the Department of Health and Human Services. Few of those offenders likely spent as much effort to get out their obligations as Kentucky resident Jesse Kipf.
According to the Department of Justice and court documents, Kipf starting in January 2023 began using stolen online credentials of multiple physicians living in other states to access state death registry systems for Hawaii, Arizona and Vermont and create death certificates for himself.
Investigators said a primary motive for the crimes was getting out of more than $116,000 in child support payments to his ex-wife.
“This scheme was a cynical and destructive effort, based in part on the inexcusable goal of avoiding his child support obligations,” Carlton S. Shier IV, U.S. Attorney for the Eastern District of Kentucky, said in a statement.
Because he was using a doctor’s credentials, Kipf was able to assign himself as the medical certifier charged with confirming his own “death.” He also created a false Social Security number, and searches of his electronic devices by authorities turned up multiple web searches for information on how to avoid child support in the state of California.
Kipf was sentenced to 81 months in federal prison and ordered to pay his ex-wife, his state and corporate victims a combined $195,758. Authorities also seized his remaining stolen online accounts as well as nine digital storage devices, an HP ENVY laptop, and seven smartphones that were used in the criminal scheme.
The plea agreement lists collective damages to government and corporate networks at just under $80,000.
In addition to breaking into three state death registry systemst, the indictment also charged Kipf with using stolen credentials to gain access to the systems of two companies — Milestone Inc. and GuestTek Interactive Entertainment — that were described by federal authorities as vendors for “major hotel chains.” Kipf later sold access to the state and company databases on the dark web.
Those credentials would have provided Kipf and any buyers access to death records and customer data for “potentially thousands of individuals,” leading authorities to petition the court for alternative means for notifying all identified victims through a department-created webpage. According to a sentencing memo, Kipf sold at least one of the two stolen corporate databases to Russian buyers.
Kipf was taken into custody by federal authorities on Nov. 8, 2023, and initially pleaded not guilty to five counts of computer fraud, three counts of aggravated identity theft and two counts of false applications to a federally insured financial institution.
However, by late December, his lawyers were actively negotiating a plea deal with the federal government, and in March authorities dropped eight of the 10 charges as Kipf pleaded guilty to aggravated identity theft and computer fraud.
In his sentencing memo, Shier characterized Kipf as a “serial hacker” with a history of criminal offenses across multiple states, including criminal possession of financial transaction devices, assault, destruction of government property and theft of credit card numbers that he used to rack up charges with food delivery services like DoorDash.
The intrusions into state and private networks caused tens of thousands of dollars in damages as well as “untold consequences” in network remediation and damage to victims, Shier claimed.
Kipf admitted to possessing databases of personal identifiable information, including Social Security numbers, birth dates, and medical records, which he sold to international buyers in Algeria, Russia, and Ukraine. After being arrested in Pulaski County, Kentucky for separate charges of credit card theft, Kipf allegedly told police that he “had not held legitimate employment for the last five years and that he was selling identities for income.”
“To traffic so flippantly in the personal identifying information of a ‘database’ worth of real people demonstrates utter disregard for everyday people he is exploiting,” Shier wrote.
GuestTek, based in Alberta, Canada, bills itself as a technology integrator for the hospitality industry, offering event services, software installation, services and support, data reporting and internet and Wi-Fi services. The company says it has 3,900 hotels as customers, including Four Seasons, Hyatt, Marriott, Omni, Trump Hotels, Wyndham and other major brands.
Milestone sells digital website design and advertising, SEO and analytics services. Among the clients listed on its website are Marriott Bonvoy, Hotel DuPont, Motel 6, carmaker Nissan as well as banks, credit unions and financial institutions.
Phone calls to GuestTek’s corporate headquarters in Alberta seeking comment went to an automated voice messaging system that hangs up when a caller requests to leave a message. A message sent through LinkedIn to Matthew Baio, GuestTek’s managing director for the Americas, was not immediately returned.
A voice message left with Milestone Inc. seeking comment was not immediately returned.