Islamic State Hacker Charged With Theft, Distribution of Personal Information of Over 1,000 U.S. Soldiers and Federal Employees

Last week Malaysian authorities detained Ardit Ferizi, a citizen of Kosovo, on a provisional arrest warrant alleging he provided material support to the Islamic State and was involved in the hacking and release of personally identifiable information (PII) of U.S. service members and federal employees.

The government is seeking the extradition of Ferizi to the U.S. Attorney’s Office of the Eastern District of Virginia to stand trial.

According to the criminal complaint, Ferizi is believed to be the leader of a Kosovar internet hacking group Kosova Hacker’s Security (KHS), where Ferizi goes by the online moniker “Th3Dir3ctorY.” Ferizi allegedly hacked into a computer system of a company in the U.S. and stole the PII of thousands of individuals.

Ferizi then released the PII of more than 1,000 American soldiers and federal employees to the Islamic State to be used against the named individuals. In the summer of 2015, Ferizi shared the unlawfully obtained PII to Islamic State member Junaid Hussain, aka Abu Hussain al-Britani. On August 11, 2015, Hussain posted a tweet in the name of the Islamic State Hacking Division (ISHD) entitled “NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!” and a link to a thirty page document.

The document contained the assertion that ““we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”  

The document contained names, email addresses, email passwords, locations and phone numbers for approximately 1,351 U.S. military and other government personnel, with the intent of providing Islamic State supporters and sympathizers a list of potential targets.

“National security is compromised by computer intrusions, and Ferizi is charged with obtaining the personal identifying information of U.S. military and government personnel and providing it to ISIL,” said U.S. Attorney Dana Boente of the Eastern District of Virginia.  “We will investigate and prosecute these cyber-attacks to fullest extent of the law.”

“As alleged, Ardit Ferizi is a terrorist hacker who provided material support to ISIL by stealing the personally identifiable information of U.S. service members and federal employees and providing it to ISIL for use against those employees,” said Assistant Attorney General for National Security John Carlin.  “This case is a first of its kind and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL’s targeting of U.S. government employees.  This arrest demonstrates our resolve to confront and disrupt ISIL’s efforts to target Americans, in whatever form and wherever they occur.”