A 40-year-old Jordanian national has pleaded guilty to charges relating to selling unauthorised network access to around 50 companies.
Feras Khalil Ahmad Albashiti – also known as “r1z,” “Feras Bashiti,” and “Firas Bashiti” – had been living in the Republic of Georgia at the time of his alleged crimes.
“In May 2023, law enforcement officers were investigating an online forum where malware and malicious code was being offered for sale. Albashiti controlled an online moniker named ‘r1z’ and used it in the online forum,” documents filed in a US court on 15 January said.
“On May 19, 2023, Albashiti sold to an undercover law enforcement officer unauthorised access to the networks of at least 50 victim companies in exchange for cryptocurrency.”
Senior counsel Philip Lamparello credited special agent in charge Stefanie Roddy of the FBI with leading the case that resulted in the guilty plea. Albashiti was extradited to the US in July 2024 and is expected to be sentenced on 11 May 2026.
The charges of fraud and related activity carry a maximum jail sentence of 10 years and a maximum fine of US$250,000.
What is an access broker?
Access brokers are essentially the middlemen of the cyber criminal underworld, providing access to networks they’ve already penetrated, either for a one-off payment or a cut of any proceeds from a successful breach.
“Access brokers are motivated not only by financial gain but also by the advantages offered by their specialisation in hacking networks and operational systems. Their role usually focuses on acquiring and maintaining network access (via stolen credentials, compromised VPN/RDP, web shells, etc.) and selling it to other cyber criminals,” Jeremy Makowski, senior threat intelligence researcher at Rapid7, told Cyber Daily last year following the release of Rapid7’s 2025 Access Brokers Report.
Rather than deploying malware or ransomware themselves, access brokers take the less risky approach of compromising a network and then selling that access to others, who perform the next step in the criminal kill chain.
“This work segmentation makes their operations scalable and more sustainable; a broker can manage dozens of active accesses simultaneously without attracting the intense law enforcement attention often faced by active extortionists or ransomware affiliates. Essentially, they operate as wholesalers in a criminal supply chain, favouring repeatable, low-risk transactions over high-stakes operations,” Makowski said.
David Hollingworth