Malaysian authorities have arrested a hacker from Kosovo who allegedly provided the Islamic State of Iraq and Greater Syria with the private information of more than a thousand U.S. security officials, according to a statement released by the U.S. Department of Justice on Thursday night.
The suspect, 20-year-old Ardit Ferizi, was living in Kuala Lumpur, where he had been studying computer science and forensics since August 2014. Officials believe that he led a Kosovar hacking group called Kosovar Hackers Security (KHS), which knew him by the moniker Th3Dir3ctorY.
Between June and August, the Department of Justice said, Ferizi gave Junaid Hussein, a prominent ISIS leader in Syria originally from the U.K., an unspecified volume of personal data he obtained by hacking a U.S. government server based in Phoenix. On Aug. 11, Hussein — who died in an air strike in the city of Raqqah later that month, according to an affidavit — publicly shared a definitive 30-page document that listed the names, e-mail addresses and passwords, locations, and phone numbers of 1,351 U.S. military and government personnel.
The document’s target audience was allegedly ISIS supporters in the U.S. who could use its information to locate and attack the individuals listed.
“We are in your emails and computer systems, watching and recording your every move,” the document began. “We have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”
The case, U.S. Assistant Attorney General John Carlin said, is “a first of its kind.” Malaysian police told Reuters that they would extradite Ferizi to the U.S., where he faces up to 35 years in prison if convicted.