Hacker Charged with Stealing Personal Data on U.S. Troops, Passing It to ISIS

REUTERS/Kacper Pempel/Files
REUTERS/Kacper Pempel/Files

In a landmark cyberwar case, the Justice Department has accused Ardit Ferizi, a 20-year-old citizen of Kosovo currently detained in Malaysia, as being a hacker and stealing personal information about U.S. military and government personnel to pass along to ISIS.

The so-called “Islamic State Hacking Division” used this data to encourage terrorist attacks against American personnel and their families. There was some question at the time about how much of the information included in this ISIS data dump was genuine–protected data stolen by hackers–and how much was either inaccurate or assembled from public sources. Evidently, a good deal of it was indeed looted by hackers, but they were freelancers who gave it to the Islamic State.

According to the charging documents, Ferizi is believed to be the leader of an ethnic Albanian Kosovar hacking group called “Kosova Hacker’s Security,” which has been responsible for cracking over 20,000 websites, including such high-profile targets as Microsoft’s Hotmail server.

Using the Twitter handle @Th3Dir3ctorY, Ferizi approached ISIS operatives in April 2015 with screen shots of stolen data belonging to American, British, and French citizens. The FBI believes Ferizi went on to provide these operatives with the 1,351 sets of stolen personal data that were used to produce the ISIS “hit list” of military and government personnel.

The hacker apparently got this information from a server employed by a sizable Internet retail outlet, which is not named in the court documents. He was ultimately tracked down by FBI forensics experts after he sent a threatening message to the retailer, who angered him by locating and deleting some of the malware he placed on their system.

Ferizi was foolish enough to exchange several emails with employees of the company, demanding a ransom of $500, payable in Bitcoin. Those messages were traced back to Malaysia, where Ferizi was living on a student visa. Malaysian authorities monitored him for several months after the FBI alerted them and arrested him on September 15 in Kuala Lumpur, according to CNN. The Malaysian police are expected to extradite him to the United States to stand trial.

Ferizi allegedly did some other computer work for the ISIS goons, who encouraged him to join them in the Islamic State. One of Ferizi’s ISIS contacts was Junaid Hussain, originally a British citizen, who went on to post the “hit list” and was in contact with one of the would-be jihadis who attacked the Mohammed Art Exhibit in Garland, Texas. Hussein was eventually liquidated by a U.S. drone strike in Syria.

The Washington Post cites U.S. officials who say the charges against Ferizi are “the first against a suspect for terrorism and hacking, and they represent a troubling convergence of terrorism with the techniques used in cyberattacks.”

“As alleged, Ardit Ferizi is a terrorist hacker who provided material support to ISIL by stealing the personally identifiable information of U.S. service members and federal employees and providing it to ISIL for use against those employees,” said Assistant Attorney General Carlin, adding:

This case is a first of its kind and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL’s targeting of U.S. government employees. This arrest demonstrates our resolve to confront and disrupt ISIL’s efforts to target Americans, in whatever form and wherever they occur.

The Justice Department’s press release states that Ferizi could face a maximum penalty of 35 years in prison if convicted.