US Frees ISIL Cyber-Operative

A Kosovan hacker, imprisoned in the United States for stealing personal data belonging to US military and government personnel and sending it to the Islamic State of Iraq and the Levant (ISIL), has been granted compassionate release.

Ardit Ferizi was sentenced to 20 years in prison in September 2016 after he confessed to providing material support to a designated foreign terrorist organization and to accessing a protected computer without authorization.

Ferizi's case made headlines for being the first-ever hacking conviction in the United States' War on Terror. 

The 24-year-old hacker, known online as “Th3Dir3ctorY,” was arrested in Kuala Lumpur, Malaysia, in 2015 at the age of 19 and extradited to the United States in January 2016.

According to court documents, Ferizi admitted that in June 2015 he gained system administrator-level access to a server that hosted the website of an electronics company located in Arizona. The website contained databases with personally identifiable information (PII) belonging to tens of thousands of the company's customers.

Ferizi searched the databases for PII belonging to US military members and other government personnel, stealing information belonging to approximately 1,300 such individuals. He then passed it on to Junaid Hussain, a now-deceased ISIL recruiter and attack facilitator. 

The hacker admitted that he gave the data to Hussain with the understanding that ISIL would use it to "hit them [the United States] hard." 

A document containing the stolen data was published on Twitter on August 11, 2015, by Hussain. Inside the document was the statement, “We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”

Last week, federal judge Leonie Brinkema of the Eastern District of Virginia ordered the release of convicted cyber-criminal Ferizi after he submitted a handwritten motion stating that his obesity and asthma made him vulnerable to COVID-19. 

Brinkema ordered Ferizi to spend two weeks in quarantine, after which time he will be deported to his native Kosovo, where he will remain on supervised release for 10 years.

What’s Hot on Infosecurity Magazine?