According to a press release from the US Attorneys Office in the Eastern District of Virginia, a malevolent hacker associated with the Islamic State (also called ISIL or ISIS) has received 20 years in US prison for activities conducted last summer.
Officials acquired extradition of the Kosovo citizen named Ardit Ferizi, alleging that he, then around the age of 19 and going under the handle Th3Dir3ctorY, had illegally accessed the database of a US firm and from it extrapolated personally identifiable information of around 1,300 US military personnel in June of 2015. Ferizi then subsequently leaked the data via Twitter with a message which included the following onerous statement:
We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the Khilafah, who soon with the permission of Allah will strike at your necks in your own lands!
Previously, an ISIS-linked group had claimed to have doxed some 100 or so military members, as Hacked reported last March.
After months of investigation, an international warrant was prosecuted by the Malaysian government in October. Just over a year after gaining root on a system in a country the young man had presumably never seen but nevertheless felt a deep hatred for, he plead guilty to the hack on June 15 of this year.
Then on Friday a sentence was decided on – 20 years. The US’s Computer Fraud and Abuse Act, one of the most stringent laws in relation to computers in the world, provide wide latitude for sentencing, but it would seem that Ferizi would have had to have done a lot more damage to receive much more time than he has.
The CFAA allows for up to ten years for some individual offenses, five for others, and overall has language broad enough that, historically speaking, groups like the EFF have called for serious reforms of the law. Perhaps reforms of the law are necessary when international terrorism isn’t on the menu. In the case of Aaron Swartz, in which the Reddit founder committed suicide rather than face the potentially long sentence for what he saw as helping information to attain its natural state of free, no lives were put at risk. Just profitable restriction of access to educational documents.
The fact that these two cases were charged under virtually the same statutes is disconcerting. In this case, Ferizi specifically sought to put American lives at risk. In the case of Swartz, the young man used his skills in an effort to make scholarly journals free to the public. No rational person would agree that these two things are even in the same universe of judgment, but our criminal justice system currently makes no real distinction aside from provisions in the USA Patriot Act.
Images from Shutterstock.