Culture

Hacker Faces 25 Years for Sending 1,300 U.S. Servicemembers' Info to ISIS

It's one of the first times the U.S. government has nailed a cyberterrorism charge. 

by Adam Toobin

Ardit Ferizi, a 20-year-old native of Kosovo, has pleaded guilty on Wednesday to accessing a computer system without authorization — and aiding a foreign terrorist organization, namely ISIS. He now faces up to 25 years in federal prison.

Just a little over a year ago, Ferizi gained admin-level access to the network of a U.S. based company, scooped up the names and private information of over 1,300 U.S. service members, and, using the online alias “Th3Dir3ctorY,” promptly sent all the details to a leader in the Islamic State Hacking Division, named Junaid Hussain.

Hussain reportedly compiled the data and then sent it out to his affiliates in a tweet, reading, “NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!” The scoop generated some media attention and put the lives of those officials at risk, but for Ferizi, codename Th3Dir3ctorY, it simply opened up a new era of trouble. In October, just months after the initial hack, Malaysian authorities detained Ferizi on a U.S. warrant. He was extradited to the United States in January and recently stood trial in Virginia.

The charge of aiding a foreign terrorist group carries a maximum penalty of 20 years behind bars, while accessing a computer system brings Ferizi the threat of an additional five. Considering the government’s record of handing out major sentences to hackers and leakers of all stripes, Ferizi is looking at a heavy chunk of time behind bars, though his guilty plea will likely earn him respite from the maximum penalties. The case is also one of the first times the U.S. government has successfully tried to prosecute cyberterrorism, and the prosecutors behind the charges seem ecstatic about it.

“The case against Ferizi is the first of its kind, representing the nexus of the terror and cyber threats. The National Security Division will continue to use an all-tools approach to combat this ever-evolving blended threat, and we will identify, disrupt and prosecute any individual who provides material support to ISIL, no matter how they do so,” said John P. Carlin, Assistant Attorney General for National Security.

It’s not clear whether Ferizi’s actions led to actual harm of any U.S. service members, but prosecutors in his case are insisting that the leak of private information placed their lives in danger. The document, released by ISIS, containing the private information, exhorts those who can to strike against the targets detailed in the leak.

we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!

Ferizi admitted that his intent had been for ISIS to use the information he supplied to “hit them hard.” His actions are a rare glimpse into the world of cyberterrorism that officials claim is a growing threat to American safety. These criminals are the reason why the FBI is so worried about encryption and other forms of secure communication. For once, we actually caught the guy, and now we just do what we do best, lock him away.