An Isis-linked hacker, who stole "personally identifiable information" (PII) of thousands of US military and government personnel, has been sentenced to 20 years in prison. Twenty-year-old Kosovo citizen Ardit Ferizi, who went by the pseudonym Th3Dir3ctorY, was sentenced for "providing support" to the Islamic State (Isis) and for "accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL".
According to court documents, Ferizi first began supporting IS (Daesh) in April 2015, when he provided support to the extremist group by administrating a website called Penvid.com, which hosted IS propaganda videos. During this time Ferizi received numerous messages on Twitter criticising IS, to which he frequently responded defending the terror group. In one instance, when faced with criticism about the now-executed beheader Jihadi John, he tweeted that the group "never kill [sic] someone without reason".
On or about 13 June 2015, the hacker admitted to have gained "administrator-level access" to the server of a US-based firm, which contained databases with personal information of thousands of the company's clients, including US military and government personnel.
"He subsequently culled the PII belonging to United States military members and other government personnel, which totaled approximately 1,300 individuals. That same day, on June 13, 2015, Ferizi admitted that he provided the PII belonging to the 1,300 United States military members and government personnel to Junaid Hussain, aka Abu Hussain al-Britani, a now-deceased member of ISIL," The US DOJ (Department of Justice) said in an announcement.
Around the same time, an IS hacker group called Islamic State Hacking Division (ISHD), which was believed to be the brainchild of British jihadi Junaid Hussain, leaked the names and personal information of around 100 US military personnel and their families online. Ferzi also sent identifiable information of people living in the US and other western countries to a Syria-based associate of Hussain called Tariq Hamayun.
ISHD also dumped a document containing the information provided by Ferizi on Twitter, which read "we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!"
According to Ferizi's lawyer, the information provided included "names, email addresses, passwords, some phone numbers, and some general locations" and was meant to be used for propaganda. The hacker's lawyer argued that "this information was neither directed at one individual or a group of individuals, nor specific enough to reveal the address, workplace, or location of any of the individuals whose names were revealed."
However, according to US authorities, "The defendant's knowledge of what ISIL would use the information for is evidenced by the information itself and by ISIL's previous use of that type of information: to disseminate a kill list."
According to the DOJ, Ferizi was detained by Malaysian authorities in September 2015 when he was caught trying to flee. He was subsequently arrested by officials in Malaysia in October 2015 and was extradited to the US in January 2016.