The Ferizi Case: The First Man Charged with Cyber Terrorism

Pierluigi Paganini
March 9, 2016 by
Pierluigi Paganini

Who is Ardit Ferizi?

In October 2015, for the first time, the US Justice Department has charged a suspect for terrorism and hacking. The US Government has charged a hacker in Malaysia with stealing the data belonging to the US service members and passing it to the members of the ISIS with the intent to support them in arranging attacks against Western targets,

The man charged by the Justice Department is Ardit Ferizi, a citizen of Kosovo, who was detained in Malaysia on a U.S. provisional arrest warrant.

Top Security Awareness Posters

Top Security Awareness Posters

Download our collection of free posters and use them to keep security at the forefront of your employees' minds.

Ferizi comes from the Kosovo city of Gjakova, which has a large Albanian Catholic and spiritual Sufi population, in addition to its conventional Sunni Muslim.

According to the Reuters and other sources online, 100-200 Kosovars have joined ISIS, with 40 killed so far.

The case is considered a milestone in the fight against the terrorism online, in particular, the authorities are condemning the hacking practice conducted in support of terrorism operations, practically is it the first time that a man has charged with cyber terrorism.

Ardit Ferizi was arrested in September 2015, according to the US intelligence the man provided the data to the popular IS militant Junaid Hussain, which disclosed it on the web. According to the investigators, Hussain and Ferizi started their collaborations months before, in April 2015.

Data stolen by the Kosovan hacker included names, e-mail addresses, passwords, locations and phone numbers of 1,351 U.S. military and other government personnel. Ferizi is accused of doxing military personnel data with the specific intent to help the ISIS members to localize and hit the US soldiers.

"soldiers . . . will strike at your necks in your own lands!" Tweeted Hussain.

Hussain posted the data online spreading the news via Twitter:

"NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!"

The message included a link to a 30-page file containing the sensitive data.

"we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the [caliphate], who soon with the permission of Allah will strike at your necks in your own lands!" states a message included in the document.

The jihadist hacker Junaid Hussain was killed at the end of August 2015 in a US targeted air strike in Syria. The man was one of the most popular members of the ISIS organization; he is famous for its cyber abilities and his efforts in recruiting ISIL sympathizers in the West to carry out lone-wolf style attacks.

In March 2015, a cell of the ISIS has called on its members and backers in the US to kill 100 service members whose names, photos and addresses it posted online.

Figure 1 - US military data disclosed online

"Ardit Ferizi is a terrorist hacker who provided material support," said the Assistant Attorney General John Carlin. "This case is a first of its kind and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL's targeting of U.S. government employees," Carlin said, using an acronym for the Islamic State.

Ferizi stole the data in June 2015 when the man hacked into a server used by an un-named U.S. online retail company and accessed data on about 100,000 people. The Kosovan hacker has chosen his target with the specific intent to gather information on US military personnel. Ferizi parsed the stolen data, discovering personal information of about 1,351 military and other government personnel.

According to the complaint filed in the Eastern District of Virginia by the FBI Special Agent Kevin M. Gallagher, Ferizi  acted "knowing that ISIL would use the [data] against the U.S. personnel, including to target the U.S. personnel for attacks and violence."

Ferizi was not alone; he operated as part of the hacking crew known as the Kosova Hacker's Security (KHS). The KHS team conducted numerous cyber attacks against organizations across the world; the group raided more than 20,000 websites and computers in Serbia, Greece, Ukraine, and other countries.

Figure 2 - KHS hacking manifesto

The list of victims includes the Serbian Government websites, Israeli websites under the #OpIsrael campaign, The Interpol, IBM Research, Hotmail, US National Weather Service Website and numerous targets in Ukraine.

In an interview released by "Th3 Dir3ctorY" (Ferizi used the online pseudonymous of "Th3Dir3ctorY") to the Infosec Institute, the hacker explained that the Kosova Hacker's Security was created to fight the Serbian country online.

"Kosovo people were violated from the Republic of Serbia. A war sparked between Serbia and Kosovo in 1999. They killed about more than 20, 000 people and raped more than 30, 000 women. Kosova Hacker's Security was created to fight the Serbian country in the Cyber World," answered Th3 Dir3ctorY.

The forensic analysis of the server hacked by the KHS when the military information was stolen confirmed that the hackers operated from a computer with an IP address located in Malaysia.

"The hacker of the online retailer in August had created a user account with the initials KHS, the complaint said. After a security official at the retailer deleted some of the hacker's files from the company's server, the company received a threatening message from someone calling himself "Albanian Hacker." When the FBI reviewed the company's server, agents tracked the intrusion to a computer with an Internet address in Malaysia, Gallagher said. Malaysian police, in a statement late Thursday, said that Ferizi would be extradited to the United States. It is unclear how long that will take." reported The Washington Post.

A few months later, the former computer science student Ardit Ferizi was extradited in the US to face charges.

The 20-year-old Ardit Ferizi was the subject of extradition from the Malaysian government, where he lived.

He is being tried in the US Eastern District Court in Virginia and if the accusation from the US Department of Justice is confirmed he risks 35 years of imprisonment. This is the first case that a terrorist hacker is extradited to the US.

Figure 3 - Court Order Ferizi's case

Figure 4 - Ferizi's Twitter account

At the end of January 2016, Ferizi appeared in federal court in Alexandria, the U.S. prosecutors confirmed that Ferizi had earlier contacted another member of the ISIS from Britain, Tariq Hamayun, also known as "Abu Muslim Al-Britani."

Hamayun asked Ferizi to travel to ISIS territory, but the young hacker never reached him, it seems that Ferizi also passed American credit card information to the terrorist organization.

The U.S. federal complaint added that Hamayun was using a Twitter account that is believed to have also been accessed by Elton Simpson, one of two shooters who participated in the assault at the "Draw Muhammad" event in Texas on May 3, 2015, and that were killed by law enforcement.

The federal complaint describes Ferizi as an ambitious and skilled hacker, he was planning the development of software that would prevent their online propaganda from being deleted.

The young hacker is facing four counts of hacking into the online sales company's server with the specific malicious intent to assist the activities of the ISIS collective, extortion, and identity theft.

Cyber terrorism cases

Cyber terrorism is a controversial term; we recognize an operation on the Internet as an act of cyber terrorism when threat actors deliberately launch a cyber assault on a large-scale with the intent to cause disruption.

In other cases, the attackers could target computer systems with the purpose of creating alarm and panic.

Cyber terrorism is also used to reference hacking campaign with political or ideological motivations.

Cyber terrorism is not a novelty for law enforcement worldwide, searching on the internet it is possible to find several cases.

One of the first cases occurred in 2004; the alleged WebTV 911 hacker was charged with cyber terrorism under the Patriot Act.

The FBI agents arrested David Jeansonne, 43, for tricking a handful of MSN TV users into running a malicious e-mail attachment that reprogrammed their set-top boxes to dial 9-1-1 emergency response.

According to prosecutors, in July 2002, Jeansonne targeted 18 specific MSN TV users when he developed a specifically crafted script and sent it out disguised as a tool to change the colors on MSN TV's user interface. Personally, I consider this case, simply an ordinary computer crime.


Another example of cyber terrorism is the case of U.S. v. Mitra. In 2003, Rajib K. Mitra attacked a police emergency radio system. In a first time, US authorities investigated Mitra's attack as a violation of Wisconsin state law, but, ultimately, they consider the act as an attack on a critical infrastructure of the country. The case was prosecuted under the Computer Fraud and Abuse Act federal law and Mitra convicted on March 12, 2004, and later sentenced to 96 months imprisonment.

The above cases are not related to a terror organization like the ISIL or Al Qaeda, but in other countries, individuals have been already charged with cyber terrorism for supporting terror organizations or radical groups.

In December 2014, Mehdi Masroor Biswas was offering support to the ISIS spreading propaganda message on Twitter. Biswas has been charged under IPC section 125, which deals with waging war against the Indian government or its allies, he has also been charged with sections 18 and 39 of the Unlawful Activities (Prevention) Act and section 66(F) of the IT Act, which deals with conspiracy and cyber-terrorism.

The Ferizi's case is the first one in which the US Government charged an individual with cyber terrorism.


See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Pierluigi Paganini
Pierluigi Paganini

Pierluigi is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.

Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.