Security Experts:

Connect with us

Hi, what are you looking for?



‘IS Hacker’ Accused of Stealing US Data Arrested in Malaysia

Malaysian police have arrested a “terrorist hacker” wanted by Washington for allegedly stealing data related to more than a thousand US military and government personnel and providing the information to the Islamic State group.

Malaysian police have arrested a “terrorist hacker” wanted by Washington for allegedly stealing data related to more than a thousand US military and government personnel and providing the information to the Islamic State group.

In a statement late Thursday, Malaysian police said the 20-year-old man was arrested on September 15 and that he had arrived in the Southeast Asian country last year to study computer science in a private university.

The US Department of Justice said in a statement on Thursday it was seeking the extradition of the man, which it identified as Kosovo citizen Ardit Ferizi, known by his hacking moniker “Th3Dir3ctorY.”

“This case is a first of its kind and, with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in ISIL’s targeting of US government employees,” the statement quoted Assistant Attorney General John P. Carlin saying, referring to the Islamic State group (IS).

The justice department statement dubbed Ferizi “a terrorist hacker”, saying he had submitted hacked data to an IS member who then posted a 30-page document on twitter containing “the names, e-mail addresses, e-mail passwords, locations and phone numbers for approximately 1,351 US military and other government personnel.”

The twitter message read: “NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”

“We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the (caliphate), who soon with the permission of Allah will strike at your necks in your own lands!” the document said, according to the justice department.

The statement added that the document was meant for IS supporters in the US and elsewhere to use the data “belonging to the listed government employees for the purpose of encouraging terrorist attacks against those individuals”.

If found guilty in the US, the hacker will face up to 35 years in jail.

Over the past year, Malaysian police have arrested numerous suspects whom they say were IS sympathizers plotting attacks in the country.

Malaysia’s senior counter-terrorism official Ayob Khan Mydin Pitchay told AFP in June that authorities had so far arrested 108 people who had suspected links to IS or were trying to travel to Syria or Iraq.

Muslim-majority Malaysia practices a moderate brand of Islam and has not seen any notable terror attacks in recent years.

But concern has risen in the multi-faith nation over growing hardline Islamic views and the country’s potential as a militant breeding ground.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.