Kosovan pleads guilty to hacking for ISIS

Islamic State (ISIS) already has a reputation for online media savvy in recruiting and spreading propaganda, but in recent months, the terror group has ramped up its cyber skill set to include computer hacking.

Today, Kosovo citizen Ardit Ferizi pleaded guilty to hacking on behalf of ISIS. Prosecutors say Ferizi broke into the records of a private database and handed over names, email passwords, and phone numbers for more than 1,300 U.S. military service members to the Islamic terror group.

Malaysian officials detained the 20-year old Kosovan hacker, who operated under the online moniker “Th3DirctorY,” in September. Local police said Ferizi moved to Kuala Lumpur just one month earlier to study forensics and computer science.

Last summer, Ferizi allegedly provided the hacked data to Junaid Hussain, also known as Abu Hussain al-Britani, a British hacker considered the most prominent cyber expert to join ISIS. In August, Hussain published Ferizi’s information in a triumphant tweet claiming the U.S. military and government had been effectively hacked by ISIS. The post linked to a 30-page document with a menacing header.

“We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the [Caliphate], who soon with the permission of Allah will strike at your necks in your own lands,” the document boasted.

Less than three weeks later, Hussain died in a U.S. airstrike in Syria.

Some analysts argued the Twitter threat was overblown, saying Ferizi accessed mostly outdated information.

“To date, the [hacking] attacks attributed or believed to be conducted by ISIS have been embarrassing, but not necessarily complex or sophisticated,” said Christopher Ahlberg, chief executive and co-founder of Recorded Future, a cyber threat intelligence group.

But others warn ISIS is just getting started on its cyber-attack strategy.

“[ISIS] has been recruiting hackers for some time now,” JM Berger, who co-authored Isis: The State of Terror, told the Guardian. “Activity targeting the West is just part of their portfolio. They’re also responsible for maintaining internet access in [ISIS] territories, for instance, and for instructing members on security.”

According to an FBI affidavit, Ferizi led a group of ethnic Albanian hackers known as Kosova Hacker’s Security (KHS), which had reportedly hacked 20,000 websites, including such high-profile domains as IBM and Interpol. A criminal complaint filed against KHS claims the group hacked websites in Serbia, Greece, Ukraine, and Israel, and is responsible for the theft of more than 7,000 Israeli credit card numbers.

Ferizi faces up to 25 years in prison when he is sentenced in September.