Malaysia arrests hacker for stealing U.S. security data

NBC News has learned federal prosecutors have charged a Kosovo man they believe is responsible for assembling an ISIS 'kill list" of more than 1,000 military personnel and U.S. government employees. USA TODAY

A Kosovar man living in Malaysia who accessed the personal data of more than 1,300 government and military employees, and passed that data onto the Islamic State, has been arrested in Malaysia on U.S. charges, the Department of Justice announced Thursday.
Ardit Ferizi also accessed customer data from an unidentified Internet retailer, obtaining credit card information on 100,000 customers, according to a federal indictment unsealed in Virginia. Ferizi, allegedly head of a group of Albanian hackers from Kosovo, even went so far as to admonish employees of the retailer via email when they detected his penetration of their system and blocked him.
According to a lengthy affidavit filed by FBI special agent Kevin Gallagher, who is based out of the Washington field office, Ferizi had unauthorized access to a federal computer and used that access to obtain email addresses, cities of residence, dates of birth and other personal identifying information on 1,351 government and military workers, and passed those names onto the Islamic State terrorist group between April and August.
He transferred the information via links he posted to Twitter, the affidavit said, "for the purpose of encouraging terrorist attacks against against the individuals." He also used the social media site to communicate to two known Islamic State members, Tariq Hamayun — also known as Abu Muslim al-Britani — and Junaid Hussain — also known as Abu Hussain al-Britani. Hussain died in August in an air strike in Raqqah, Syria.
The activity prompted the Islamic State Hacking Division to tweet a message to "crusaders" engaged in a "bombing campaign" against Muslims: "We are in your emails and computer systems, watching and recording your every move, we have your names and addresses … we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike your necks in your own lands!”
Regarding the retailer, not named in the document, Ferizi accessed a server in Phoenix in June that belongs to an Internet hosting company that maintain's the company's website, according to the affidavit. On Aug. 13, the retailer contacted the FBI to report unauthorized access to its site, Gallagher wrote.
As of spring 2015, Ferizi has been living in Malaysia on a student visa and studying at Limkokwing University of Creative Technology in Cyberjaya, Malaysia.