A hacker named Ardit Ferizi confessed this week to stealing the information of scores of federal employees and soldiers, and sharing the information with the Islamic State, and now faces up to 25 years in prison.
Ferizi, a native Kosovar, pleaded guilty this week to providing material support for the Islamic State, and to, as the justice department puts it, "stealing the personally identifiable information of over 1,000 US service members and federal employees, and providing it to ISIL [also known as IS] with the understanding that they would incite terrorist attacks against those individuals."
Ferizi also goes by the pseudonym Th3Dir3ctorY, and has been billed a cyber terrorist by the FBI for his role in helping IS target assets in the American government.
A federal indictment of Ferizi reads that he provided the identities of the American soldiers and bureaucrats, via Twitter, to IS member Tariq Hamayun — aka Abu Muslim Al-Britani.
A hacking group affiliated with IS later posted the information, which they said contained "emails, passwords, names, phone numbers, and location information."
In a document published by IS' hacking division, the personal details of the federal employees is billed as a "kill list," according to an indictment filed in a Virginia court.
"We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who will soon with the permission of Allah will strike at your necks in your own lands," the 30-page document reads.
The FBI believes that Hamanyun, under the Twitter handle @Muslim_Sniper_D, had also been in contact with the attackers who opened fire at a 2015 "Draw Mohammed Contest" in Texas. Hamanyun is believed to be based in Raqqa, the de facto capital of the self-proclaimed caliphate.
Initially, after Ferizi obtained access to the compromised server, he demanded two bitcoin — roughly $500 USD — in exchange for details about how he hacked the server. It is believed that he obtained the data on as many as 100,000 individuals, including credit card numbers and some information from social media accounts.
The hacker, who was arrested in Malaysia in 2015, billed himself as leader of the Kosova Hacker's Security. The 20 year-old's affiliation with IS has been relatively recent. He was previously affiliated with left-wing hacker groups, targeting online assets of the government of Israel for its occupation of Gaza; Greece, for its austerity agenda; and pre-Euromaidan Ukraine.
The majority of his work, however, had targeted the Serbian government.
The hacker told the Infosec Institute in 2013 that he had been involved with hacking operations since he was a pre-teen.
"Hacking is part of security, if you don't know hacking you don't know security. So if you want to be good at Cyber Security you need to know hacking," he told the institute.