Who is Ardit Ferizi?
In October 2015, for the first time, the US Justice Department
charged a suspect with both terrorism and hacking. The US Government
charged a hacker in Malaysia with stealing data belonging to US
service members and passing it to members of ISIS with the
intent to support them in arranging attacks against Western targets.
The man charged by the Justice Department is Ardit Ferizi, a citizen
of Kosovo, who was detained in Malaysia on a U.S. provisional arrest
warrant.
Ferizi comes from the Kosovo city of Gjakova, which has a large
Albanian Catholic and spiritual Sufi population, in addition to its
conventional Sunni Muslim population.
According to Reuters and other online sources, 100-200 Kosovars have joined ISIS, with 40 killed so far.
The case is considered a milestone in the fight against online
terrorism. In particular, the authorities are condemning hacking
conducted in support of terrorist operations; in practice, it is
the first time that a man has been charged with cyber terrorism.
Ardit Ferizi was arrested in September 2015. According to US
intelligence, he provided the data to the popular IS militant Junaid Hussain,
who disclosed it on the web. According to the investigators, Hussain
and Ferizi started their collaboration months before, in April 2015.
Data stolen by the Kosovan hacker included names, e-mail addresses, passwords, locations and phone numbers of 1,351 U.S. military and other government personnel.
Ferizi is accused of doxing military personnel with the specific
intent of helping ISIS members locate and hit US soldiers.
“soldiers . . . will strike at your necks in your own lands!” tweeted Hussain.
Hussain posted the data online, spreading the news via Twitter:
“NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”
The message included a link to a 30-page file containing the sensitive data.
“we are in your emails and computer systems, watching and
recording your every move, we have your names and addresses, we are in
your emails and social media accounts, we are extracting confidential
data and passing on your personal information to the soldiers of the
[caliphate], who soon with the permission of Allah will strike at your
necks in your own lands!” states a message included in the document.
The jihadist hacker Junaid Hussain was killed at
the end of August 2015 in a targeted US air strike in Syria. He
was one of the most popular members of the ISIS organization, famous
for his cyber abilities and his efforts in recruiting ISIL sympathizers in the West to carry out lone-wolf style attacks.
In March 2015, a cell of ISIS called on its members and
backers in the US to kill 100 service members whose names, photos and
addresses it posted online.
Figure 1 – US military data disclosed online
“Ardit Ferizi is a terrorist hacker who provided material
support,” said Assistant Attorney General John Carlin. “This case is
a first of its kind and, with these charges, we seek to hold Ferizi
accountable for his theft of this information and his role in ISIL’s
targeting of U.S. government employees,” Carlin said, using an acronym for the Islamic State.
Ferizi stole the data in June 2015, when he hacked into a server
used by an unnamed U.S. online retail company and accessed data on
about 100,000 people. The Kosovan hacker chose his target with the
specific intent of gathering information on US military personnel. Ferizi
parsed the stolen data, discovering personal information of about 1,351
military and other government personnel.
According to the complaint filed in the Eastern District of Virginia by FBI Special Agent Kevin M. Gallagher, Ferizi acted “knowing
that ISIL would use the [data] against the U.S. personnel, including to
target the U.S. personnel for attacks and violence.”
Ferizi was not alone; he operated as part of the hacking crew known
as Kosova Hacker’s Security (KHS). The KHS team conducted numerous
cyber attacks against organizations across the world; the group raided
more than 20,000 websites and computers in Serbia, Greece, Ukraine, and
other countries.
Figure 2 – KHS hacking manifesto
The list of victims includes Serbian Government websites, Israeli websites under the #OpIsrael campaign, Interpol, IBM Research, Hotmail, the US National Weather Service website and numerous targets in Ukraine.
In an interview given by “Th3 Dir3ctorY” (Ferizi used the online
pseudonym “Th3Dir3ctorY”) to the Infosec Institute, the hacker
explained that Kosova Hacker’s Security was created to fight
Serbia online.
“Kosovo people were violated from the Republic of Serbia. A war
sparked between Serbia and Kosovo in 1999. They killed about more than
20,000 people and raped more than 30,000 women. Kosova Hacker’s
Security was created to fight the Serbian country in the Cyber World,” answered Th3 Dir3ctorY.
Forensic analysis of the server that KHS hacked to steal the
military information confirmed that the hackers operated from
a computer with an IP address located in Malaysia.
“The hacker of the online retailer in August had created a user
account with the initials KHS, the complaint said. After a security
official at the retailer deleted some of the hacker’s files from the
company’s server, the company received a threatening message from
someone calling himself “Albanian Hacker.” When the FBI reviewed the
company’s server, agents tracked the intrusion to a computer with an
Internet address in Malaysia, Gallagher said. Malaysian police, in a
statement late Thursday, said that Ferizi would be extradited to the
United States. It is unclear how long that will take.” reported The Washington Post.
A few months later, the former computer science student Ardit Ferizi was extradited to the US to face charges.
The 20-year-old Ardit Ferizi was extradited by the Malaysian government; he had been living in Malaysia.
He is being tried in the US Eastern District Court in Virginia and, if
the accusation from the US Department of Justice is confirmed, he risks
35 years of imprisonment. This is the first case in which a terrorist hacker
has been extradited to the US.
Figure 3 – Court Order Ferizi’s case
Figure 4 – Ferizi’s Twitter account
At the end of January 2016, Ferizi appeared in
federal court in Alexandria. U.S. prosecutors confirmed that Ferizi
had earlier contacted another member of ISIS from Britain, Tariq
Hamayun, also known as “Abu Muslim Al-Britani.”
Hamayun asked Ferizi to travel to ISIS territory, but the young
hacker never reached him. It seems that Ferizi also passed American
credit card information to the terrorist organization.
The U.S. federal complaint added that Hamayun was using a Twitter
account that is believed to have also been accessed by Elton Simpson,
one of the two shooters who took part in the assault at the “Draw
Muhammad” event in Texas on May 3, 2015, and who were killed by law
enforcement.
The federal complaint describes Ferizi as an ambitious and skilled
hacker; he was planning to develop software that would prevent
their online propaganda from being deleted.
The young hacker is facing four counts of hacking into the online
sales company’s server with the specific malicious intent to assist the
activities of the ISIS collective, extortion, and identity theft.
Cyber terrorism cases
Cyber terrorism is a controversial term; we recognize an operation on
the Internet as an act of cyber terrorism when threat actors
deliberately launch a large-scale cyber assault with the intent to
cause disruption.
In other cases, the attackers could target computer systems with the purpose of creating alarm and panic.
The term cyber terrorism is also used to refer to hacking campaigns with political or ideological motivations.
Cyber terrorism is not a novelty for law enforcement worldwide; an internet search turns up several cases.
One of the first cases occurred in 2004; the alleged WebTV 911 hacker was charged with cyber terrorism under the Patriot Act.
FBI agents arrested David Jeansonne, 43, for tricking a handful
of MSN TV users into running a malicious e-mail attachment that
reprogrammed their set-top boxes to dial 9-1-1 emergency response.
According to prosecutors, in July 2002, Jeansonne targeted 18
specific MSN TV users when he developed a specially crafted script
and sent it out disguised as a tool to change the colors on MSN TV’s
user interface. Personally, I consider this case simply an ordinary
computer crime.
Another example of cyber terrorism is the case of U.S. v. Mitra. In
2003, Rajib K. Mitra attacked a police emergency radio system. At
first, US authorities investigated Mitra’s attack as a violation of
Wisconsin state law, but ultimately they considered the act an
attack on critical infrastructure of the country. The case was
prosecuted under the federal Computer Fraud and Abuse Act, and Mitra
was convicted on March 12, 2004, and later sentenced to 96 months’
imprisonment.
The above cases are not related to a terror organization like
ISIL or Al Qaeda, but in other countries individuals have already been
charged with cyber terrorism for supporting terror organizations or
radical groups.
In December 2014, Mehdi Masroor Biswas
was offering support to ISIS by spreading propaganda messages on
Twitter. Biswas has been charged under IPC section 125, which deals with
waging war against the Indian government or its allies. He has also
been charged under sections 18 and 39 of the Unlawful Activities
(Prevention) Act and section 66(F) of the IT Act, which deals with
conspiracy and cyber-terrorism.
Ferizi’s case is the first one in which the US Government charged an individual with cyber terrorism.