First Cyberterror Charges: DOJ Accuses Hacker Of Giving Military PII To ISIS

The data was first stolen from an online retailer, and the suspect is awaiting extradition hearing in Malaysia.

Sara Peters, Senior Editor

October 17, 2015

2 Min Read
Dark Reading logo in a gray background | Dark Reading

For the first time, the U.S. has charged an individual with both hacking and providing material support to a terrorist organization.

According to the U.S. Department of Justice, Kosovo citizen Ardit Ferizi "provided material support to the Islamic State of Iraq and the Levant (ISIL), a designated foreign terrorist organization, and committed computer hacking and identity theft violations in conjunction with the theft and release of personally identifiable information (PII) of U.S. service members and federal employees."

Ferizi, A.K.A. "Th3Dir3ctorY," is believed to be the leader of the Kosova Hacker’s Security (KHS) hacking group, which mostly targets the Serbian government. 

According to the charges, Ferizi hacked into an unnamed online retailer in the U.S., and obtained from it personally identifiable information on about 100,000 people in all -- including the names, e-mail addresses, e-mail passwords, physical locations, and phone numbers for approximately 1,351 U.S. military and other government personnel.

Ferizi, according to the DoJ, then passed the military and government personnel's PII to Junaid Hussain, A.K.A. Abu Hussain al-Britani, a British citizen and member of the Islamic State.

On August 1, Hussain sent a Tweet with a link to a 30-page document containing the stolen PII, and a message that stated, in part, "we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”

According to the DoJ's release, the Twitter post "was intended to provide ISIL supporters in the United States and elsewhere with the PII belonging to the listed government employees for the purpose of encouraging terrorist attacks against those individuals."

Hussain was later killed in a drone strike in Syria.

If extradited to the U.S. and convicted of all charges, Ferizi faces up to 35 years in prison.

“This case is a first of its kind," said Assistant Attorney General for National Security John P. Carlin, "and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL’s targeting of U.S. government employees. This arrest demonstrates our resolve to confront and disrupt ISIL’s efforts to target Americans, in whatever form and wherever they occur.”

For more information, see the DoJ release and the Washington Post.

About the Author

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights