Ardit Ferizi, aka Th3Dir3ctorY, from Kosovo was sentenced in federal court in Alexandria, for "providing material support to the Islamic State of Iraq and the Levant (ISIL) and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL," the Department of Justice announced on Friday.
The 21-year-old ISIS-linked hacker obtained the data by hacking into the US web hosting company's servers on June 13, 2015.
Ferizi then filtered out over 1,300 US military and government employees' information from the stolen data and then handed them over to Junaid Hussain, according to court filings [PDF].
The stolen data contains personally identifiable information (PII), which includes names, email addresses, passwords, locations and phone numbers of US military service members and government workers.
Junaid Hussain, who was a British jihadi and believed to be the then leader and creator of a group of ISIS hackers called the Islamic State Hacking Division (ISHD), posted the names and personal data of 100 US service member's families online.
The Hussain's statements included:
"We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the Khilafah, who soon with the permission of Allah will strike at your necks in your own lands!"Hussain, who was also known as Abu Hussain Al-Britani and used the moniker TriCk, was later killed in a US drone strike in Syria in August last year.
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
The US authorities also tracked down Ferizi to Malaysia, where he was arrested by the local authorities on October 6, 2015, while trying to catch a flight back to Kosovo.
Before helping ISIS, Ferizi had served as an alleged leader of the Kosova Hacker's Security (KHS) hacking group and hacked into a number of government sites belonging to the Presidency of Macedonia, the Greek Ministry of Education, the Greek Decentralized Administration of Macedonia and Thrace (DAMT), Lifelong Learning and Religion. He also stole data from IBM and Greek mobile telecoms firm OTE.
Ferizi was pleaded guilty on June 15, 2016, and faced a sentence of up to 35 years in prison, but the sentence was reduced to a maximum of 25 years after agreeing to plead guilty. However, defense lawyers said he meant no real harm and asked for a six-year sentence.