In August 2015 an online retailer based in Illinois contacted the FBI, claiming that a hacker had breached the company’s system and was demanding a ransom of two bitcoins, or roughly $500. Such reports are not unusual, with cyber ransom becoming something of a cottage industry.
"Most companies today pay the 500 bucks and go back to business," said John P. Carlin, assistant attorney general for national security, according to McClatchy.
Investigators found, however, that the ransom demand was only a cover. The hacker had actually spent the previous two months scanning the company’s files for.gov and.mil email addresses, compiling a list for Daesh, also known as IS/Islamic State.
The investigation revealed that the company would not have known about the intrusion if not for the ransom demand.
With the stolen data, the terrorist group compiled a 30-page kill list containing the names of roughly 1,350 US government personnel. A link to the list was tweeted by Junaid Hussain, a self-proclaimed Daesh cyber army leader, last August.
Hussain said that followers would "strike at your necks in your own lands."
The theft was revealed in US federal court records, obtained by McClatchy. Identified as Kosovo-born Ardit Ferizi, the hacker traveled to Malaysia to get better bandwidth access to carry out his exploits. From Singapore, Ferezi was extradited to the US, where he signed a plea agreement in which he admitted to hacking and providing material support to terrorists.
It is unknown how much was given, or promised, to Ferizi in exchange for the stolen data.
The theft points to a growing concern for cybersecurity experts.
"Their capabilities are 1,000 times what they were four years ago," one expert told McClatchy, speaking on condition of anonymity.