Jordanian national pleads guilty after unknowingly selling FBI agent access to 50 company networks

Authorities linked the 40-year-old to multiple crimes by tracing the email address he used for a cybercrime forum to the same account he used to apply for a U.S. visa in 2016.
A 40-year-old Jordanian national pleaded guilty Thursday to operating as an access broker, selling access to at least 50 victim company networks he broke into by exploiting two commercial firewall products in 2023, according to the Justice Department.

Feras Khalil Ahmad Albashiti, who lived in the Republic of Georgia at the time, sold an undercover FBI agent unauthorized access to the victim networks on a cybercrime forum under the moniker “r1z” in May 2023, authorities said in court records.

The undercover FBI agent continued communicating with Albashiti for the next five months, uncovering evidence of additional alleged crimes. He’s accused of selling malware that could turn off endpoint detection and response products from three different companies.

Albashiti proved the malware worked when, unbeknownst to him, the FBI observed him use the EDR-killing malware on an FBI server the agency granted him access to as part of its investigation. 

The undercover agent purchased additional malware from Albashiti capable of elevating internal user privileges without authorization and a modified version of a commercially available pentesting tool, according to an affidavit filed in the U.S. District Court of New Jersey.

Investigators discovered that the IP address Albashiti used to access the FBI server had previously been used to intrude into government systems belonging to a U.S. territory and in a ransomware attack against a U.S. manufacturing company in June 2023 that resulted in at least $50 million in losses.

Authorities linked Albashiti to the “r1z” account on the cybercrime forum by tracing the Gmail address he used to establish the account in 2018, which was the same email address Albashiti used to apply to the State Department for a visa to enter the United States in October 2016.

The FBI said it obtained records for the cybercrime forum as part of an unrelated investigation.

Albashiti was arrested in July 2024 and has been held in custody since then. He waived prosecution by indictment and pleaded guilty to trafficking unauthorized access devices and login credentials. 

Albashiti is scheduled to be sentenced in May and faces up to 10 years in prison and a fine of $250,000, which prosecutors said is double the amount of gains or losses resulting from his crimes.
