ISIL-Linked Hacker Pleads Guilty to Providing Material Support
Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, pleaded guilty today before U.S. District Judge Leonie M. Brinkemaof the Eastern District of Virginia to providing material support to the Islamic State of Iraq and the Levant (ISIL), a designated foreign terrorist organization, and accessing a protected computer without authorization and obtaining information.
Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Dana J. Boente of the Eastern District of Virginia, Assistant Director in Charge Paul M. Abbate of the FBI’s Washington Field Office and Special Agent in Charge Michelle S. Klimt of the FBI’s Jacksonville, Florida, Division made the announcement.
“Ferizi admitted to stealing the personally identifiable information of over 1,000 U.S. servicemembers and federal employees, and providing it to ISIL with the understanding that they would incite terrorist attacks against those individuals,” said Assistant Attorney General Carlin. “The case against Ferizi is the first of its kind, representing the nexus of the terror and cyber threats. The National Security Division will continue to use an all-tools approach to combat this ever-evolving blended threat, and we will identify, disrupt and prosecute any individual who provides material support to ISIL, no matter how they do so.”
“Ferizi endangered the lives of over 1,000 Americans,” said U.S. Attorney Boente. “Cyber terrorism has become an increasingly prevalent and serious threat here in America, both to individuals and businesses. However, cyber terrorist are no different from other terrorists: No matter where they hide, we will track them down and seek to bring them to the United States to face justice.”
“Ardit Ferizi launched a cyberattack to gain access to the identities of U.S. military personnel, which he shared with members of ISIL in an attempt to incite terror attacks,” said Assistant Director in Charge Abbate. “No matter how a person supports a terrorist group like ISIL, whether on the battlefield or in the cyber world, the FBI will identify, disrupt and bring them to justice for placing lives at risk.”
“This case demonstrates the importance of strong partnerships with law enforcement agencies worldwide,” said Special Agent in Charge Michelle S. Klimt. “Cybercrime knows no boundaries and our efforts to dismantle these operations would be impossible without international collaboration. The FBI will continue to vigorously investigate these crimes and work with our international partners to track down and arrest those who steal from our nation and citizens.”
Ferizi, who was detained by Malaysian authorities on a provisional arrest warrant on behalf of the United States, was charged by criminal complaint on Oct. 6, 2015. The criminal complaint was unsealed on Oct. 15, 2015. Ferizi subsequently waived extradition.
Ferizi admitted that on or about June 13, 2015, he gained administrator-level access to a server that maintained the website of a victim company located in the United States, which also contained databases with personally identifiable information (PII) belonging to tens of thousands of the victim company’s customers. Between June and August 2015, Ferizi provided unlawfully-obtained PII to ISIL member Junaid Hussain, aka Abu Hussain al-Britani, he admitted. According to the statement of facts, on Aug. 11, 2015, in the name of the Islamic State Hacking Division (ISHD), Hussain posted a tweet that contained a document with the PII of approximately 1,300 U.S. military and other personnel that Ferizi had taken from the victim company and provided to Hussain. The document stated, in part, that “we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!” Ferizi admitted that he provided the PII to ISIL with the understanding that ISIL would use the PII to “hit them hard.”
At sentencing on Sept. 16, 2016, Ferizi faces a maximum sentence of 20 years in prison for providing material support to ISIL and a maximum sentence of five years for accessing a protected computer without authorization and obtaining information. The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes, as the sentencing of the defendant will be determined by the court based on the advisory sentencing guidelines and other statutory factors. As part of the plea, Ferizi also agreed to a stipulated order of removal to Kosovo, his country of citizenship, upon completion of his criminal sentence.
The FBI’s Washington Field Office and Jacksonville Division investigated the case. The case is being prosecuted by Special Assistant U.S. Attorney Brandon Van Grack of the Eastern District of Virginia and Trial Attorney Gregory Gonzalez of the National Security Division’s (NSD) Counterterrorism Section, with assistance from Trial Attorney Vincent A. Citro of NSD’s Counterterrorism Section and Trial Attorney Matthew Walczewski of NSD’s Counterintelligence and Export Control Section. The Malaysian authorities and the Justice Department’s Office of International Affairs also provided significant assistance.