Convicted Hacker Charged with Fraud and Identity Theft Committed While Incarcerated in Federal Prison

There’s an update to the case involving Ardit Ferizi, whose criminal history and conviction for hacking and providing material support to a terrorist organization have been covered previously.  Just last month, Ferizi had been sentenced to 20 years in prison, but was granted a reduction to time served plus 10 years supervised release, to be served in Kosovo. And he would have been on his way home, except that the FBI discovered that while he had been in prison, he had continued his criminal activities.  The following is a press release, issued today by the U.S. Attorney’s Office for the Northern District of California. SAN FRANCISCO – A federal complaint was unsealed today charging Ardit Ferizi with wire fraud and aggravated identity theft, announced United States Attorney David L. Anderson and Federal Bureau of Investigation, Special Agent in Charge Rachel L. Rojas, of the Jacksonville, Florida, FBI Division. Ardit Ferizi, 25, a Kosovo citizen, last resided in Malaysia before being brought to the Eastern District of Virginia (EDVA) in 2016 to face federal criminal charges.  Ferizi pleaded guilty to unauthorized access of computer information and to providing material support to a foreign terrorist group by providing personally identifiable information of United States government personnel to the Islamic State of Iraq and al-Sham (ISIS).  He was sentenced to 20 years incarceration in the federal Bureau of Prisons. According to the complaint, Ferizi’s sentence was reduced in December 2020 to time-served, plus 10 years of supervised release to be served in Kosovo, following the granting of a motion for compassionate release by an EDVA federal judge.  Ferizi was awaiting deportation when the FBI determined he continued his criminal activities and had committed multiple new federal offenses while incarcerated at the Federal Correctional Institute in Terre Haute, Indiana. “We allege Ferizi provided access to personal information of U.S. citizens, even as he was serving his prison sentence for providing similar information to ISIS,” said U.S. Attorney Anderson. “Ferizi’s alleged criminal conduct continued in prison notwithstanding his petition for an early prison release.” “Ardit Ferizi is an admitted criminal who endangered the lives of over 1,000 Americans by sharing their personal information with members of a dangerous terrorist organization,” said Special Agent in Charge Rojas, in charge of the FBI Jacksonville Division.  “The FBI has never wavered in our commitment to seek justice for his innocent victims, and we will continue to vigorously investigate him and anyone else who is intent on harming our nation and citizens.” According to an FBI agent’s affidavit filed in support of the criminal complaint, in 2017 and 2018 Ferizi had been involved in multiple fraudulent schemes from prison by coordinating with a family member who was operating Ferizi’s email accounts while Ferizi was incarcerated.  Ferizi instructed the family member to “keep my email alive and not expiring” and passed his email addresses and passwords on to his family member.  The FBI was able to determine that at least one email account included large databases of stolen personally identifiable information, extensive lists of stolen email accounts, partial credit card numbers, passwords, and other confidential information.  According to the complaint affidavit, the databases of stolen personal information were the fruits of Ferizi’s criminal hacking activity.  Based on an IP address resolving to Kosovo, login activity to Ferizi’s other e-mail accounts, and other investigative information, it was determined the family member downloaded the databases of stolen information to liquidate the proceeds of Ferizi’s previous criminal hacking activity. In the course of these new crimes, Ferizi and his family member are alleged to have used electronic services of Google, PayPal, and Coinbase, each of which is located in the Northern District of California.  The affidavit further alleges that Ferizi continued to communicate with others to further this scheme while in custody.  It is alleged that electronic communications were used to further the scheme and that personal data and information used belonged to real individuals who were victimized. Ferizi is charged with one count of aggravated identity theft in violation of Title 18, United States Code, Section 1028A, and one count of wire fraud in violation of Title 18, United States Code, Section 1343.  If convicted of wire fraud, he faces a maximum penalty of 20 years in prison and a fine of $250,000.  If convicted of aggravated identity theft, he faces a mandatory penalty of 2 years in prison in addition to the punishment imposed for a wire fraud conviction.  However, any sentence following conviction would be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing imposition of a sentence, 18 U.S.C. § 3553. The charges contained in the criminal complaint are mere allegations.  As in any criminal case, the defendant is presumed innocent unless and until proven guilty in a court of law. Ferizi currently is in federal custody and will be transported to the Northern District of California to face the new federal charges.  His initial federal court appearance to face the new charges has not yet been scheduled. The Corporate Fraud Strike Force of the Northern District of California U.S. Attorney’s Office is prosecuting the case.  The prosecution is the result of an investigation by the Federal Bureau of Investigation Jacksonville and Washington field offices. Further Information: Case #: CR 21-mj-70014 (Complaint posted on U.S. Attorney’s website, see below.)  DataBreaches.netRead More