Convicted Hacker Allegedly Commits Fraud While Awaiting Release

A Kosovan hacker, granted compassionate release after being convicted of providing personally identifiable information of over 1,000 US government personnel to ISIS, has been charged with committing further crimes while in federal prison.

The US sentenced Ardit Ferizi to 20 years in prison in September 2016 after the hacker admitted accessing a protected computer without authorization and providing material support to a designated foreign terrorist organization.

In December 2020, Federal Judge Leonie Brinkema of the Eastern District of Virginia reduced Ferizi’s sentence to time served, plus 10 years of supervised release to be served in Kosovo after the 25-year-old submitted a handwritten motion stating that his obesity and asthma made him vulnerable to COVID-19. 

According to a federal complaint filed against Ferizi and unsealed on January 12, Ferizi was awaiting deportation back to his native Kosovo when the FBI determined that he had committed multiple new federal offenses. At the time of the alleged offenses, Ferizi was incarcerated at the Federal Correctional Institute in Terre Haute, Indiana.

“We allege Ferizi provided access to personal information of US citizens, even as he was serving his prison sentence for providing similar information to ISIS,” said US Attorney David L. Anderson. 

According to the FBI, in 2017 and 2018 Ferizi became involved in multiple fraudulent schemes while locked up in prison by coordinating with a family member who was operating Ferizi’s email accounts. At least one email account included large databases of stolen personally identifiable information, extensive lists of stolen email accounts, partial credit card numbers, passwords, and other confidential information, accumulated through Ferizi's criminal hacking activity.

"Based on an IP address resolving to Kosovo, login activity to Ferizi’s other e-mail accounts, and other investigative information, it was determined the family member downloaded the databases of stolen information to liquidate the proceeds of Ferizi’s previous criminal hacking activity," said the Department of Justice.  

Ferizi and his family member are alleged to have used the electronic services of Google, PayPal, and Coinbase to carry out these new crimes.

Ferizi, known online as Th3Dir3ctorY, is charged with one count of aggravated identity theft and one count of wire fraud in violation. If convicted of both charges, he faces a maximum penalty of 22 years in prison and a fine of $250,000.  

What’s Hot on Infosecurity Magazine?