Cybercrime , Fraud Management & Cybercrime , Standards, Regulations & Compliance
Hacker Blows Chance at Early Release by Hacking More
DOJ: Convicted Hacker Ardit Ferizi Faces Additional Criminal ChargesThe U.S. Department of Justice has charged Ardit Ferizi, a Kosovo citizen, with fraud and identity theft, accusing him of continuing to commit cybercrimes while he was behind bars serving a 20-year prison sentence for aiding Islamic terrorist groups.
Ferizi, 25, has been charged with one count of wire fraud and one count of aggravated identity theft related to a series of hacking attempts that he committed while incarcerated at the Federal Correctional Institute in Terre Haute, Indiana, the Justice Department says.
See Also: Ransomware Demystified: What Security Analysts Need to Know
"We allege Ferizi provided access to personal information of U.S. citizens, even as he was serving his prison sentence for providing similar information to ISIS," said David Anderson, the U.S. attorney for the Northern District of California. "Ferizi's alleged criminal conduct continued in prison notwithstanding his petition for an early prison release."
If convicted on both charges, Ferizi faces up to 22 years in prison and a $250,000 fine, the Justice Department says.
Prison Criminal Activity
At the time Ferizi allegedly committed these actions, he was serving a 20-year federal prison term after pleading guilty in 2016 to unauthorized access of computer information and providing material support to a foreign terrorist group by providing personally identifiable information of U.S. government personnel to the Islamic State of Iraq and ISIS, according to court documents.
Ferizi's sentence, however, was commuted in December 2020 to time served and 10 years of supervised release to be served in Kosovo after he was granted a compassionate release. As he was awaiting deportation to Kosovo, the FBI discovered new criminal activities that he had allegedly conducted during the previous two years while he had been in prison.
While incarcerated, Ferizi was allowed to send and receive email and make telephone calls, which were monitored by the U.S. Bureau of Prisons, the FBI says.
The FBI discovered through his communications that in 2017 and 2018, Ferizi had been involved in multiple fraudulent schemes conducted from his cell by coordinating with a family member who was operating his email accounts while Ferizi was in prison, court documents say.
During the investigation, the FBI found at least one email account that contained large databases of stolen personally identifiable information, extensive lists of stolen email accounts, partial credit card numbers, passwords and other confidential information. This data had been gathered by Ferizi during his previous criminal activity, according to the Justice Department.
"Based on an IP address resolving to Kosovo, login activity to Ferizi's other email accounts, and other investigative information, it was determined the family member downloaded the databases of stolen information to liquidate the proceeds of Ferizi's previous criminal hacking activity," the Justice Department says.
Previous Criminal Activity
In 2016, Ferizi accessed a database belonging to a U.S. e-commerce company and culled the personally identifiable information that belonged to about 1,300 U.S. military and other government employees, who were identified through their use of ".mil" and ".gov" email addresses, court documents say.
"Ferizi then knowingly provided that [personally identifiable information] to a Syria-based member of the Islamic State of Iraq and al-Sham named Junaid Hussain. At the time, Hussain served as a hacker, recruiter, and attack facilitator for ISIS," according to the documents.
Hussain published the data in August 2015 as part of a directive that ISIS supporters kill the named U.S. military members and other government employees. Hussain was subsequently killed in an airstrike, according to court documents.