A suspected ISIS hacker who's accused of leaking personal information on 1,000 U.S. military and government personnel has arrived in the U.S. to face charges on hacking and providing support to a terrorist organization. The stolen information included names, home addresses, email passwords, phone numbers and other details the federal government says could be used in an attack.
Ardit Ferizi, a 20-year-old Kosovo citizen, was detained in Malaysia in October at the request of U.S. officials, who allege he passed the data trove to known ISIS hacker Junaid Hussain. Hussein posted links to the information on Twitter before he was killed in an August 2015 drone strike. Ferizi made his first court appearance in Alexandria, Virginia Thursday.
“This case is a first of its kind and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL's targeting of U.S. government employees,” Assistant Attorneye General John Carlin told the Washington Post.
The Department of Justice complaint accuses Ferizi of breaching an unnamed U.S. retailer company's systems and accessing data on 100,000 people. Of those, he identified roughly 1,351 military and other government employees. That list was forwarded to Hussain, the complaint says, who posted the data under the caption, “NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”
At the time , mlitary officials and cybersecurity experts suggested the "breached" data may have been already available elsewhere.
Ferizi, who was studying computer science at the time of his arrest, is thought to be one member of a Kosovo hacking team known as Kosova's Hacker's Security, or KHS. The group has taken credit for over 20,000 attacks, including digital assaults on Interpol, IBM's cybersecurity research division and thousands of pro-Serbian government profiles, according to an expose in InfoSecInstitute.