A man whose real name is Feras Albashiti and who used “Feras Bashiti” and “Firas Bashiti” as two of of his aliases has pleaded guilty in federal court to his role as an access broker. Albashiti also used the alias “r1z,” and was active on the Russian-language forum XSS.is (now XSS.pro) in 2023 when the alleged crimes occurred.
NEWARK, N.J. – A Jordanian man who was residing in the Republic of Georgia admitted his role as an “access broker” who sold unauthorized access to computer networks of at least 50 victim companies, Senior Counsel Philip Lamparello announced.
Feras Khalil Ahmad Albashiti, a/k/a “r1z,” a/k/a “Feras Bashiti,” and a/k/a “Firas Bashiti, 40, pleaded guilty before U.S. District Judge Michael A. Shipp in Trenton federal court today to an information charging Albashiti with fraud and related activity in connection with access credentials.
According to documents filed in this case and statements made in court:
In May 2023, law enforcement officers were investigating an online forum where malware and malicious code was being offered for sale. Albashiti controlled an online moniker named “r1z” and used it in the online forum. On May 19, 2023, Albashiti sold to an undercover law enforcement officer unauthorized access to the networks of at least 50 victim companies in exchange for cryptocurrency.
The charge of fraud and related activity in connection with access devices carries a maximum penalty of 10 years in prison and a maximum fine of $250,000, or twice the gross amount of gains or losses resulting from the offense. Sentencing is scheduled for May 11, 2026.
Senior Counsel Lamparello credited special agents and members of the Federal Bureau of Investigation, under the direction of Special Agent in Charge Stefanie Roddy in Newark, with the investigation leading to the guilty plea.
The government is represented by Assistant U.S. Attorney Benjamin Levin, Deputy Chief of the Cybercrime Unit in Newark.
###
Defense Counsel: Rahul Agarwal, Esq.
albashiti.information.pdf
Updated January 15, 2026