A 20-year-old Estonia man has pleaded guilty to stealing data on more than 1,300 U.S. military and government personnel and providing it to the Islamic State.
Ferizi’s goal was to “incite terrorist attacks,” the U.S. Department of Justice said on Wednesday.
Ferizi once led a hacking group called Kosova Hacker’s Security, or KHS, which claims to have defaced over 20,000 websites.
Last June he hacked into a U.S. Internet hosting company to steal the personnel data, which included addresses, telephone numbers and email logins.
Ferizi used an online account with the name “KHS”, which led the FBI to suspect his involvement. He also neglected to cover his tracks. When the FBI examined the hacked server, they found the IP address Ferizi had used to carry out his attack. The same IP address had been used to access his Facebook and Twitter accounts.
He was arrested in Malaysia last year and extradited to the U.S. for trial. He faces a maximum 25 years in prison.
The data he stole was passed to an ISIS member named Junaid Hussain, also a hacker. Hussain was later killed in an airstrike in Syria.
It's not the only time Ferizi supplied information to ISIS. Last April, he provided data on dozens of U.S., British and French citizens, by sending screenshots of their credit card information.
The DOJ called it the first case of its kind. Last year, the U.S. also jailed a 17-year-old from Virginia for using Twitter to provide financial support and recruitment help to ISIS.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.