The hacker admitted stealing the personal data of 1,351 US military and government employees — from computers whose ownership has not been disclosed — and forwarding it to Daesh chief hacker, Junaid Hussain.
Hussain had then organized the data into a terrorist "kill list," which he used to make explicit death threats. In August 2015, he tweeted a link to a long document revealing the hack to the US authorities.
"We are in your emails and computer systems, watching and recording your every move," Hussain's 30-page document read.
"[We] have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!"
Hussain was killed shortly after his tweet in an American drone strike. The US then, managed track down Ferizi, exploiting some mistakes he made during his hacking escapades: for instance, the Kosovo-born hacker failed to conceal his IP address on various occasions. That ultimately led to his arrest in October 2015.
While much has been speculated about the Islamic State's cyberwar capabilities, this is the first time a hacker is prosecuted for aiding Daesh, and in general, for aiding a terrorist group through actions carried out in cyberspace.
"Ferizi endangered the lives of over 1,000 Americans," US Attorney for the Eastern District of Virginia Dana Boente said in a statement.
"Cyber terrorism has become an increasingly prevalent and serious threat here in America, both to individuals and businesses. However, cyber terrorists are no different from other terrorists: No matter where they hide, we will track them down and seek to bring them to the United States to face justice."
Ferizi will eventually be sentenced in September of this year, when he could be meted out a sentence of up to 25 years.
