Show vulnerabilities with patch / with exploit
21 July 2020

Alleged Ripoff Report hacker exradited to the US


Alleged Ripoff Report hacker exradited to the US

A Cypriot national has been extradited to the United States to face charges related to various computer-oriented crimes, includind the hacking into Ripoff Report portal and the extortion attempt. An alleged cyber criminal became the first Cypriot national to be extradited from the Republic of Cyprus to the United States.

According to the press release published by the United States Department of Justice, the suspect, Joshua Polloso Epifaniou, 21, a resident of Nicosia, was arrested in Cyprus in February 2018. A five-count indictment filed in the Northern District of Georgia charges Epifaniou with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud and identity theft, and extortion related to a protected computer.

The indictment alleges that between October 2014 and November 2016 the suspect together with his accomplices had gained access to several websites and stolen personal information from user and customer databases at victim websites in order to extort websites into paying ransoms threatening to publish the data if the asked amount was not paid. Epifaniou is alleged to have defrauded the entities of $56,850 in bitcoin, and two victims incurred losses of over $530,000 from remediation costs associated with the incident.

Another 24-count indictment filed in the District of Arizona charges the alleged hacker with conspiracy to commit computer hacking, obtaining information from a protected computer, intentional damage to a protected computer, and threatening to damage a protected computer. According to the indictment, in October 2016 Epifaniou compromised the database of Ripoff Report (ROR), the site notorious for posting unverified anonymous reviews and complaints, via a brute force attack. Epifaniou used the attack to override ROR’s login and password protection to access its database through an existing account for a ROR employee.

In November 2016, he emailed ROR’s CEO using an email address, threatening to publicly disseminate stolen ROR data unless the company paid him $90,000 within 48 hours. Epifaniou then worked with an SEO (search engine optimization) company to remove bad reviews from the Ripoff Report website for the SEO firm's paying customers.

“Epifaniou and his co-conspirator removed at least 100 complaints from the ROR database, charging SEO Company's 'clients' approximately $3,000 to $5,000 for removal of each complaint,” the US Department of Justice said.

The court documents did not identify Epifaniou’s accomplice, but Fox 11 investigation claims that the other suspect may be Pierre Zarokian, who runs a reputation management company called Submit Express.

Back to the list

Latest Posts

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Oilrig members have added a new DNSExfiltrator utility to their hacking arsenal.
5 August 2020
Hacker published passwords for over 900 corporate VPN servers

Hacker published passwords for over 900 corporate VPN servers

The list was published on a Russian-speaking hacker forum frequented by different ransomware operators.
5 August 2020
Maze operators published dozens of GBs of data from LG and Xerox

Maze operators published dozens of GBs of data from LG and Xerox

Stolen information may include Xerox support records and source code for the firmware of various LG products.
4 August 2020