Hack for Islamic State, Get 20 Years in the Slammer

WIB front September 26, 2016 0

Ardit Ferizi, at right. Photo via Facebook Ardit Ferizi will do hard time by JOSEPH COX On Sept. 23, the U.S. Department of Justice announced that an...
Ardit Ferizi, at right. Photo via Facebook

Ardit Ferizi will do hard time

by JOSEPH COX

On Sept. 23, the U.S. Department of Justice announced that an Islamic State-linked hacker, who stole personally identifiable information — PII — of U.S. military and government personnel has been sentenced to 20 years in prison.

Twenty-year-old Ardit Ferizi, who used the online handle “Th3Dir3ctorY” and is a citizen of Kosovo, was sentenced for “providing material support to the Islamic State of Iraq and the Levant … and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL,” according to the DOJ’s press release.

According to court filings, Ferizi’s serious support for ISIS started in April 2015, when he administered a website that hosted ISIS propaganda videos called Penvid.com. Despite criticism on Twitter from people who were against ISIS, Ferizi defended his website and the terrorist group. “never kill [sic] someone without reason,” he tweeted in the aftermath of beheadings carried out by the ISIS executioner known as Jihadi John.

Around this time, a group of ISIS hackers called the Islamic State Hacking Division, or ISHD — believed to be led or created by British jihadi Junaid Hussain — posted the names and personal information of 100 American service members’ families online.

Ferizi supported the group’s move on Twitter and said the dump was justified because the U.S. military “killed peoples [sic] in Iraq and Syria,” according to a government court filing.

After this, Ferizi started providing ISIS with what appeared to be identifying information of people living in the United States and abroad. One person Ferizi sent information to was Tariq Hamayun, a Syria-based associate of Hussain, court documents state.

Cybersecurity and Cyberwar: What Everyone Needs to Know®

In June 2015, according to the indictment filed against him, Ferizi hacked into an unnamed company’s website, which gave him access to PII of thousands of the company’s customers. Ferizi filtered out approximately 1,300 U.S. military and government employees’ information and then sent that data to Hussain. Hussain, who was part of the hacking collective Team Poison and who used the moniker “TriCk,” was later killed in a U.S. drone strike after joining ISIS in Syria.

“wait I prepare some dumps I got ok,” Ferizi wrote in one social media message to Hussain, according to court exhibits.

“gov dump..html.”

“military dump..html.”

ISHD then posted on Twitter a document containing the information.

“we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!” the beginning of the document reads, according to Ferizi’s indictment.

In September 2015, Ferizi was detained by Malaysian authorities as he was trying to leave the country. He pleaded guilty in June 2016.

One of the secrets to a great d“Mr. Ferizi admits that he sent ISIL information obtained from a database — names, email addresses, passwords, some phone numbers and some general locations,” Ferizi’s lawyer wrote in a filing.

“While the information was used for propaganda, this information was neither directed at one individual or a group of individuals, nor specific enough to reveal the address, workplace or location of any of the individuals whose names were revealed. Indeed, an old-fashioned phone book with addresses contains more specific information.”

According to the government, however, “the defendant’s knowledge of what ISIL would use the information for is evidenced by the information itself and by ISIL’s previous use of that type of information: to disseminate a kill list.”

Originally published at motherboard.vice.com.