This is the second time this week that the DoJ has made an announcement about the capture of a hacker and the closing down of a network. The first case involved a man from Moldova who ran the infamous Bugat botnet, believed to be responsible for the theft of millions of dollars in the US as well as overseas. The UK believes the malware he distributed netted more than £20 million from UK bank accounts.
This second announcement concerns the arrest of Ardit Ferizi, believed to be a Kosovo national. He is charged with supporting ISIL and distributing materials for a terrorist organisation, identity theft and hacking into US-based computers. He was arrested on Thursday by Malaysian authorities at the behest of the US, which is now keen to have him extradited to stand trial.
Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Dana J. Boente of the Eastern District of Virginia and Assistant Director in Charge Paul Abbate of the FBI’s Washington, D.C., Field Office held a press conference yesterday to announce the arrest and request for extradition.
The US in its complaint says that Ferizi, aka Th3Dir3ctorY, is: “the leader of a Kosovar internet hacking group called Kosova Hacker’s Security (KHS).” Ferizi is believed to have stolen the PII (personally identifiable information) of thousands of individuals after hacking into the computers of an unnamed US company.
Support for ISIL and its terror campaign
The complaint also alleges that: “He then provided the PII of over 1,000 U.S. service members and federal employees to ISIL to be used against those employees.” It is unclear whether this hack is related to the recent attack on the Office of Personnel Management (OPM) where large volumes of data on US service members, government officials and members of the security services was stolen.
The indictment includes other claims of hacking related to terrorism, the most prominent being:
“Between June and August 2015, Ferizi provided unlawfully obtained PII to ISIL member Junaid Hussain, aka Abu Hussain al-Britani. On Aug. 11, 2015, in the name of the Islamic State Hacking Division (ISHD), Hussain posted a tweet titled ‘NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!’ which contained a hyperlink to a 30-page document.
“That document stated, in part, that ‘we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!’
“The next 27 pages of the document contained the names, e-mail addresses, e-mail passwords, locations and phone numbers for approximately 1,351 U.S. military and other government personnel. This posting was intended to provide ISIL supporters in the United States and elsewhere with the PII belonging to the listed government employees for the purpose of encouraging terrorist attacks against those individuals.”
According to Assistant Attorney General Carlin: “Ardit Ferizi is a terrorist hacker who provided material support to ISIL by stealing the personally identifiable information of U.S. service members and federal employees and providing it to ISIL for use against those employees.
“This case is a first of its kind and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL’s targeting of U.S. government employees. This arrest demonstrates our resolve to confront and disrupt ISIL’s efforts to target Americans, in whatever form and wherever they occur.”
These claims carry a maximum jail time of 35 years if Ferizi is convicted by a jury. It will be interesting to see how much additional information about Ferizi’s hacking comes out during the trial and whether the name of the US company from which he stole the PII is disclosed.
This is the second successful cyber crime-related announcement this week by the US DoJ and the FBI. Both will be feeling pleased that they have taken the leader of another hacking team off the streets. The challenge now is shutting down Ferizi’s network before he can be replaced.
What will worry CISOs and IT security teams is that this is the second case where money and PII were stolen as a result of a cyber attack. It demonstrates the need for companies to step up their cyber security in order to protect the data of individuals. It doesn’t matter if it is a cybercriminal or a cyber terrorist who steals the data: companies are legally liable for its protection.