Last week, a Cypriot national was extradited to the US to face charges related to various computer intrusions, including hacking into Ripoff Report.
The man, Joshua Polloso Epifaniou, 21, a resident of Nicosia, Cyprus, was arrested in Cyprus in February 2018, and is the first national Cypriot to be extradited to the United States from the island.
In a five-count indictment filed in Georgia ‘s Northern District, Epifaniou is charged with wire fraud, covered computer-related extorsion, wire fraud conspiracy, and computer fraud and identity theft conspiracy.
Between October 2014 and November 2016, Epifaniou and co-conspirators allegedly targeted websites to steal personal identification information (PII) from databases, and then ransom money from websites by threatening to make the stolen data public.
The man is charged with stealing data from several business websites in the U.S. including a free video gaming retailer, a electronics manufacturer, an online work website, and an online sports news website.
Epifaniou either manipulated vulnerabilities to gain access to data of interest, or a co-conspirator accessed the data. He then used proxy servers to access email accounts, and contacted victim websites to claim a ransom.
He defrauded victims in Bitcoin in the amount of $56,850 according to the indictment. Two of the victims suffered damages of more than $530,000 from the hacking-related remediation costs.
In the Arizona district, Epifanou is charged with obtaining information from a protected computer, conspiring to commit computer hacking, threatening to harm a protected computer, and intentional damage to a protected computer in a 24-count indictment.
According to the indictment, Epifaniou was hacked into Phoenix database, Ripoff Study (ROR), located in Arizona, in October 2016. He contacted ROR ‘s CEO the next month, threatening to leak the stolen data and demanding payment of a $90,000 ransom.
A privately owned and run for-profit website, ROR allows anyone over the age of 14 to complain about businesses or entities but does not require users to reveal their true identity. These complaints can appear on Google, thereby potentially damaging the target entity’s profile.
Epifaniou reportedly partnered with an employee at a search engine marketing firm between October 2016 and May 2017 to find businesses that would be interested in removing comments posted on ROR’s web site.
The two charged between $3,000 and $5,000 for those firms to unlawfully delete each complaint from the ROR database. They also reportedly deleted at least 100 reports from the site.
Epifaniou is set to be arraigned on Monday, July 20.
