Imagine that you are a company executive for a well-known retailer with a recognized brand name. Your information technology (IT) team walks into your office and tells you there is a problem.
IT detected an unsophisticated, small-scale intrusion into the company’s network. There’s no need to worry because IT isolated the intrusion and can kick the intruder out.
A week later, IT returns and reports that the intruder was kicked off the network, but a small amount of personally identifiable information (PII) was stolen. And to make matters worse, the hackers threatened the company—pay us 2 bitcoins, equivalent to $500, or we’re going to release this information.
This type of extortion attack is all too common for businesses. Ransomware and business email compromise attacks have become increasingly dominant and are expected to continue. A concerning number of cyber incidents are not reported to law enforcement, and cybercrime costs the global economy up to $575 billion annually.
In this instance, however, the company voluntarily contacted law enforcement. A coordinated international, law enforcement, and private sector investigation learned that this was not the work of a low-level hacker. Kosovo citizen Ardit Ferizi was responsible for the intrusion.
Ferizi was believed to be the leader of a Kosovar internet hacking group called Kosova Hacker’s Security. Working in Malaysia, Ferizi hacked into a U.S.-based company, stole PII, and then provided that information to Junaid Hussain, aka Abu Hussain al-Britani, a member of the Islamic State of Iraq and the Levant (ISIL). Hussain then posted the PII of 1,351 U.S. service members and federal employees on Twitter with this chilling message: Islamic State “soldiers … will strike at your necks in your own lands!”
As a result of efforts from the FBI, the Department of Justice, the U.S. Attorney of the Eastern District of Virginia, the Malaysian authorities, and the victimized company, Ferizi was arrested and in September 2016 sentenced to 20 years in prison. Assistant Attorney General John Carlin said that this case was a first of its kind and that it “demonstrates our resolve to confront and disrupt ISIL’s efforts to target America’s.” Hussain was killed in a drone strike in the ungoverned land of Raqqa, Syria, in October 2015.
This is just one example of the complex cyber threat environment businesses face today. The same technology that drives the digital economy has compressed space and time and blended cybercrime and national security threats. To combat this threat, the public and private sectors must cooperate on investigations, make public attributions, and impose consequences.
Business Tips to Combat Cybercrime:
- Identify your crown jewels (i.e., data your organization needs to function) and control who has access to it.
- Train your employees not to open emails from unknown senders, to use secure connections (https://) when entering sensitive data online, and to avoid public Wi-Fi when accessing sensitive data.
- Deploy intrusion prevention and detection technology.
- Develop and exercise a cyber incident response plan.
- Establish relationships with law enforcement and information-sharing organizations.
Cybercrime is booming, and high-profile incidents continue to increase in frequency, scale, and sophistication. The good news is that the bad guys do get caught (see www.arresttracker.com). Private-sector collaboration with law enforcement is paying dividends. Working together, we can raise the cost and risk for cybercriminals conducting illicit activity.