A 20-year-old Kosovo man arrested last year in Malaysia for hacking into a database and providing names of more than 1,000 U.S. government and military workers as potential targets for the Islamic State group received 20 years in prison at his sentencing.
Ardit Ferizi ended up sentenced last Friday in federal court in Alexandria, VA. Earlier this year, he became the first person convicted in the U.S. of computer hacking and terrorism charges.
Ferizi offered ISIS the hacked data “with the understanding that ISIL would use the [personally identifiable information] to ‘hit them hard,’ ” according to the Department of Justice (DoJ). ISIL is an alternative acronym for the Islamic State group.
This was the first time a hacker had been prosecuted on charges of terrorism, said Assistant Attorney General John Carlin.
“Ferizi admitted to stealing the personally identifiable information of over 1,000 U.S. service members and federal employees and providing it to [ISIS] with the understanding that they would incite terrorist attacks against those individuals,” Carlin said after the guilty plea was entered. “The case against Ferizi is the first of its kind, representing the nexus of the terror and cyberthreats.”
Ferizi hacked into an online retailer’s database in June 2015 and stole records on more than 100,000 customers, according to the indictment unsealed last October. From those records, he was able to cull personally identifiable information on 1,351 federal employees and active military personnel.
Ferizi provided this information to members of ISIS in August 2015; ISIS militants then posted the information online with a call for members to take action against those people, including perpetrating fraud using their personal information, as well as physical attacks.
Prosecutors sought the maximum sentence of 25 years. Defense lawyers said Ferizi meant no real harm and asked for a six-year sentence.