ISIL-Linked Hacker Sentenced to 20 Years in Prison

ALEXANDRIA, VA — In the first case of its kind — representing the nexus of terror and cyber threats — the United States on Friday sentenced a 21-year old ISIL-linked hacker to 20 years in prison.

Last year, Ardit Ferizi of Gjakova, Kosovo, hacked into an online U.S. retailer's database located in Phoenix and spent two months poring over customer email addresses, plucking out the ones ending in .gov or .mil. He then gave 1,351 of those email addresses, and more of their personal information, to ISIL, the U.S. Justice Department said. The Islamic State published the names with a threat to attack, stating:

"We have your names and addresses. We are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands."

Ferizi was sentenced Friday in a federal court in Alexandria, Virginia. Assistant Attorney General John Carlin noted this is the first time a hacker has been prosecuted on charges of terrorism.

Ferizi was arrested last year, on Sept. 15, in Kuala Lumpur, Malaysia, where he was living on a student visa, studying at Limkokwing University, according to authorities. Ferizi went by the Twitter handle Th3Dir3ctorY, according to the FBI.

He pleaded guilty June 15 to charges of providing material support to ISIL, and accessing a protected computer without authorization and obtaining information.

“Ferizi endangered the lives of over 1,000 Americans,” said Dana J. Boente, U.S. Attorney for the Eastern District of Virginia, in June. “Cyber terrorism has become an increasingly prevalent and serious threat here in America, both to individuals and businesses. However, cyber terrorist[s] are no different from other terrorists: No matter where they hide, we will track them down and seek to bring them to the United States to face justice.”

“Ardit Ferizi launched a cyber attack to gain access to the identities of U.S. military personnel, which he shared with members of ISIL in an attempt to incite terror attacks,” said Paul M. Abbate, assistant director in charge of the FBI’s Washington Field Office. “No matter how a person supports a terrorist group like ISIL, whether on the battlefield or in the cyber world, the FBI will identify, disrupt and bring them to justice for placing lives at risk.”

Ferizi, who was detained by Malaysian authorities on a provisional arrest warrant on behalf of the United States, was charged by criminal complaint on Oct. 6, 2015. The criminal complaint was unsealed on Oct. 15, 2015. Ferizi subsequently waived extradition.

Ferizi admitted that in June 2015, he gained administrator-level access to a server that maintained the website of a victim company located in the United States, which also contained databases with personally identifiable information (PII) belonging to tens of thousands of the victim company’s customers.

Between June and August 2015, Ferizi provided unlawfully obtained personally identifiable information to ISIL member Junaid Hussain, aka Abu Hussain al-Britani, he admitted. On Aug. 11, 2015, in the name of the Islamic State Hacking Division (ISHD), Hussain posted a tweet that contained a document with the personally identifiable information of approximately 1,300 U.S. military and other personnel that Ferizi had taken from the victim company and provided to Hussain, authorities said.

PHOTO: Shutterstock