Fed employee, service member IDs hacked, given to ISIS

U.S. law enforcement officials want to extradite a Kosovo citizen living in Malaysia who allegedly stole personal information on more than 1,000 U.S. service members and federal employees and gave it to Islamic State militants.

Authorities in Malaysia have detained Ardit Ferizi on a U.S. provisional arrest warrant alleging that he provided material support to the Islamic State and committed computer hacking and identity theft violations, including theft and release of personally identifiable information.

U.S. officials said the hacking charges, coupled with the use of the stolen information to physically target individuals, were unprecedented.

"This case is a first of its kind, and with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in [Islamic State's] targeting of U.S. government employees," said John Carlin, assistant attorney general for national security.

In a 23-page criminal complaint unsealed on Oct. 15 by the U.S. Attorney's Office for the Eastern District of Virginia, the FBI alleges that Ferizi, under his Twitter handle and hacking pseudonym Th3Dir3ctorY, hacked into the computer system of an unnamed U.S. company and stole information on 100,000 people, including 1,351 service members and federal employees.

Ferizi is alleged to be the leader of the Kosova Hacker's Security group, which has taken credit for a number of high-profile infiltrations of state and commercial systems. Ferizi had allegedly communicated on Twitter with Islamic State leader Junaid Hussain, a British-born hacker who was killed in a U.S. air strike in August. Hussain, better known by his nom de guerre Abu Hussain Al-Britani, had posted a "kill list" in March purporting to contain personal information on 100 U.S. service members.

On Aug. 11, Hussain posted the new information on the web and tweeted: "NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!"

The stolen data was intended to provide the group's supporters in the U.S. and elsewhere with background information for conducting terrorist attacks against those individuals, according to U.S. officials.

The company that owned the infiltrated data was not identified in the complaint. It is not clear whether the server was used by a government or military contractor. The complaint said the compromised server was located in Phoenix and leased exclusively by the company from a hosting service.

About the Author

Mark Rockwell is a staff writer covering acquisition, procurement and homeland security. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

https://fcw.com/articles/2015/10/16/fed-ids-hacked.aspx