First U.S. Terror Hacking Case Puts Kosovar ISIS Supporter on Trial in Virginia
by Stephen Schwartz
Ardit Ferizi, 20, appeared in federal court in Alexandria at the end of January, in what may be the first legal case in the United States involving terrorism and computer hacking. The proceeding shows how a simple network of operatives and computers is used by the so-called "Islamic State" (ISIS) in its global jihad. Ferizi is charged with assisting the terrorist force by hacking into a U.S.-based computer and stealing "personally identifiable" information on 100,000 Americans, including more than 1,300 military and government personnel, whom ISIS named publicly and urged its followers to attack.
Ferizi, a citizen of the Kosova Republic, has been assigned a public defender and an Albanian-language translator by the court. He was arrested in September 2015 in Malaysia and extradited to the United States in January, with his first court date on January 28. He had traveled to Malaysia in 2014 and was studying computer science and forensics in Kuala Lumpur, according to Radio Television Kosova (RTK). The U.S. indictment placed him at Limkokwing University of Creative Technology, an enterprise with facilities in Africa, Asia, and Britain.
He turned over 1,351 American names he had selected for malign attention to a British subject and ISIS hacker named Junaid Hussain, alias "Abu Hussain Al-Britani." Hussain, according to the federal charge against Ferizi, posted the names, email addresses, passwords, and telephone numbers of the targets on August 11, 2015, in a tweet titled "NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!"
The message contained a hyperlink to a 30-page file. That document warned, "we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the [caliphate], who soon with the permission of Allah will strike at your necks in your own lands!"
Hussain was killed in a drone strike in Raqqah, the ISIS "capital" in Syria, in August 2015. Computers used by the ISIS hackers were located in Raqqah. Previously, Hussain had compromised the social media accounts of the U.S. Army's Central Command (CENTCOM), according to American authorities.
U.S. prosecutors say Ferizi had earlier contacted another ISIS figure from Britain, Tariq Hamayun, known as "Abu Muslim Al-Britani." Ferizi had also, it seems, handed over credit card information on Americans to ISIS. Hamayun, now 37, is believed by U.S. authorities to be a former automobile mechanic who fought for the Taliban in Afghanistan and Pakistan before joining ISIS. Hamayun urged Ferizi to travel to ISIS territory, but the Kosovar hacker remained in Malaysia until his arrest and transfer to the U.S.
Ferizi used Twitter extensively to advertise the activities of his entity, which he called "Kosova Hackers' Security" (KHS). According to the U.S. investigation, Ferizi and KHS raided 20,000 websites and computers in Serbia, Greece, Ukraine, and other countries. Ferizi allegedly shut down the Interpol site in France for two days and penetrated IBM's research division in Somers, N.Y. The U.S. complaint additionally describes hacking of Microsoft's Hotmail service and 7,000 Israeli credit cards.
Ferizi boasted of his exploits in a public-access interview with the Infosec Institute, which researches hackers and their organizations, and on a Facebook page.
The U.S. federal complaint describes ISIS functionary Tariq Hamayun using a Twitter account that is believed to have been accessed by Elton Simpson, one of two men who assaulted a "Draw Muhammad" event in Texas on May 3, 2015, and were killed by law enforcement.
According to the federal complaint, the 20-year-old Ferizi was an ambitious hacker. He promised ISIS he could build a program that would prevent their online propaganda from being deleted. This claim followed the removal of tweets linking to images of beheadings of Christians and Kurdish fighters. He hacked into a protected hosting server in Phoenix used by an online sales company left unnamed in the federal legal document, stealing his basic trove of 100,000 identities.
Ferizi then demanded that the online sales company transfer two bitcoins in online money to him as payment for ceasing his interference with their server and for explaining to their information officer how the hacking had worked. At that time, according to the U.S. government, two bitcoins were worth approximately $500. The company reported the intrusion to the FBI.
Facing four counts of hacking into the online sales company's server to assist ISIS, extortion, and identity theft, Ferizi could be sentenced to a maximum of 35 years in prison, according to the Justice Department.
When Ferizi was detained in Malaysia last October, Reuters reported that he had been arrested and released by Kosova Police, to whom he was well-known, before his departure for Southeast Asia. He was questioned specifically about hacking websites in Kosova, including that of the daily news portal Express, which has been outspoken in its opposition to radical Islamist infiltration in the Balkan republic. Reuters stated that Ferizi hacked Express in 2009, when Kosova underwent a wave of tumultuous confrontations between Muslim extremists and traditional local moderates.
Express CEO Berat Buzhala said Ferizi taunted him by sending real-time images from security cameras all over Kosova, including at its international airport in the capital, Prishtina. Buzhala said he had informed the police and the American Embassy of the problem.
Ferizi comes from the western Kosova city of Gjakova, which has a large Albanian Catholic and spiritual Sufi population, in addition to its conventional Sunni Muslim and nonreligious inhabitants. Kosova has criminalized participation in jihad, threatening those who fight abroad with prison terms of as much as 15 years. Reuters and other sources estimate that 100-200 Kosovars have joined ISIS, with 40 killed so far.