Hacker Arrested For Allegedly Stealing Information On U.S. Military Members For ISIS "Kill List"

Ardit Ferizi, a Kosovan man, was detained in Malaysia, and the U.S. will seek to extradite him for trial.

A man from Kosovo was arrested in Malaysia after allegedly hacking into an online retailer's database and targeting the personal information of U.S. military members for ISIS.

The Department of Justice is seeking to extradite Ardit Ferizi, who had been living in Malaysia, where he was detained by local authorities. On Thursday, the criminal complaint was unsealed.

According to the FBI, Ferizi provided personal information of more than 1,000 U.S. military service members and government workers — including emails, passwords, names, phone numbers, and location information — to two members of ISIS earlier this year. The information was published Aug. 11 as a list under the authority of the "Islamic State Hacking Division" for the purpose of promoting terrorist attacks against the identified individuals, the FBI alleged.

The FBI described Ferizi as attending a Malaysian university and living in the country on a student visa. Officials said he is expected to be extradited and stand trial in Virginia. If convicted, he could face up to 35 years in prison.

On Twitter, Ferizi went by @Th3Dir3ctorY and described himself as "owner of Kosova Hacker's Security." The group was comprised of ethnic Albanians who would hack into private and government websites in Israel, Serbia, Greece, and Ukraine, the FBI said.

According to an InfoSec Institute article, @Th3Dir3ctorY was involved in posting the credit card information of thousands of Israelis, as well as compromising Hotmail's servers in 2011.

On June 13, the FBI said Ferizi accessed a server belonging to an internet hosting company that maintained the website of an unidentified U.S. retailer that sells to customers in multiple states. Ferizi collected the personal information of 100,000 people, the FBI said, and he went on to provide to ISIS the information of 1,351 members of the U.S. military and other government personnel.

That information was published in a 30-page document online, and a member of ISIS linked to it on Twitter, the FBI said.

"We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khalifa, who soon with the permission of Allah will strike at your necks in your own lands!" the document stated.

On Aug. 13, an employee of the hacked company informed the FBI that an unauthorized account had access to customer information. The account was named KHS, which the FBI guessed referred to Ferizi's "Kosova Hacker's Security."

Several days later, the company received an email from khs-crew@live.com, threatening the company for deleting the hacker's files. The email was signed "an Albanian Hacker."

"[If] you do this again i will publish every client on this Server!" the message read. "Please don't make the same mistake again because bad things will happen to you!"

In a follow-up exchange, another message asked for Bitcoins in exchange for giving up server access.

The FBI connected the IP address where the attack originated to the same one that accessed Ferizi's Twitter account. In September, Ferizi additionally sent himself via Facebook a .csv file that contained most of the email addresses previously published by ISIS.



Skip to footer