Fed employee, service member IDs hacked, given to ISIS
- By Mark Rockwell
- Oct 16, 2015
U.S. law enforcement officials want to extradite a Kosovo citizen living in Malaysia who allegedly stole personal information on more than 1,000 U.S. service members and federal employees and gave it to Islamic State militants.
Authorities in Malaysia have detained Ardit Ferizi on a U.S. provisional arrest warrant alleging that he provided material support to the Islamic State and committed computer hacking and identity theft violations, including theft and release of personally identifiable information.
U.S. officials said the hacking charges, coupled with the act of physically targeting individuals using it, were unprecedented.
"This case is a first of its kind, and with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in [Islamic State's] targeting of U.S. government employees," said John Carlin, assistant attorney general for national security.
In a 23-page criminal complaint unsealed on Oct. 15 by the U.S. Attorney's Office for the Eastern District of Virginia, the FBI alleges that Ferizi, under his Twitter handle and hacking pseudonym Th3Dir3ctorY, hacked into the computer system of an unnamed U.S. company and stole information on 100,000 people, including 1,351 service members and federal employees.
Ferizi is alleged to be the leader of the Kosova Hacker's Security group, which has taken credit for a number of high-profile infiltrations of state and commercial systems. Ferizi had allegedly communicated on Twitter with Islamic State leader Junaid Hussain, a British-born hacker who was killed in a U.S. air strike in August. Hussain, better known by his nom de guerre Abu Hussain Al-Britani, had posted a "kill list" in March purporting to contain personal information on 100 U.S. service members.
On Aug, 11, Hussain posted the new information on the web and tweeted: "NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!"
The stolen data was intended to provide the group's supporters in the U.S. and elsewhere with background information for conducting terrorist attacks against those individuals, according to U.S. officials.
The company that owned the infiltrated data was not identified in the complaint. It is not clear whether the server was used by a government or military contractor. The complaint said the compromised server was located in Phoenix and leased exclusively by the company from a hosting service.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.