US Imprisons First ISIS Cyber-Operative

The US has made its first-ever hacking conviction in the War on Terror, sending an ISIS operative to prison for 20 years.

Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, was convicted for providing material support to the Islamic State of Iraq and the Levant (ISIL), aka ISIS, by accessing a protected computer without authorization and carrying out espionage activities. Afterwards, he supplied personally identifiable information (PII) on 1,300 U.S. military members and government personnel to Junaid Hussain, a now-deceased ISIL recruiter and attack facilitator. Ferizi and Hussain discussed publishing the PII of those 1,300 victims in a hit list. Ferizi admitted that he provided the PII to ISIS with the understanding that ISIL would use the PII to “hit them hard.”

"This case represents the first time we have seen the very real and dangerous national security cyber-threat that results from the combination of terrorism and hacking,” said Assistant Attorney General for National Security, John Carlin.

According to court documents, Ferizi admitted that he gained system administrator-level access in June 2015 to a server that hosted the website of a US victim company. The website contained databases with belonging to tens of thousands of the victim company’s customers, including members of the military and other government personnel. Ferizi subsequently culled the PII down to a target list useful to his purposes.

That August, in the name of the Islamic State Hacking Division (ISHD), Hussain posted a tweet that contained a document with the PII of the approximately 1,300 targets. The document stated, in part, that “we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”

Ferizi was detained by Malaysian authorities on a provisional arrest warrant on behalf of the US, and was charged by criminal complaint on Oct. 6, 2015. The criminal complaint was unsealed on Oct. 15 last year, and Ferizi subsequently consented to extradition and pleaded guilty this past June 15.

 “This was a wake-up call not only to those of us in law enforcement, but also to those in private industry,” Carlin said. “This successful prosecution also sends a message to those around the world that, if you provide material support to designated foreign terrorist organizations and assist them with their deadly attack planning, you will have nowhere to hide.  As this case shows, we will reach half-way around the world if necessary to hold accountable those who engage in this type of activity. I want to thank the corporation that worked with law enforcement to solve this crime, and the agents, analysts and prosecutors who worked on this groundbreaking case."

Photo © oneinchpunch

What’s Hot on Infosecurity Magazine?