Connect with us

Hi, what are you looking for?



Alleged Ripoff Report Hacker Extradited to United States

A Cypriot national was extradited to the United States last week to face charges related to various computer intrusions, including the hacking into Ripoff Report.

A Cypriot national was extradited to the United States last week to face charges related to various computer intrusions, including the hacking into Ripoff Report.

The man, Joshua Polloso Epifaniou, 21, a resident of Nicosia, Cyprus, was arrested in Cyprus in February 2018 and is the first Cypriot national to be extradited from the country to the United States.

In a five-count indictment filed in the Northern District of Georgia, Epifaniou is charged with wire fraud, extortion related to a protected computer, conspiracy to commit wire fraud, and conspiracy to commit computer fraud and identity theft.

Between October 2014 and November 2016, Epifaniou and co-conspirators allegedly targeted websites to steal personal identifying information (PII) from databases and then extort money from the websites by threatening to make the stolen data public.

The man is charged with stealing data from the websites of multiple companies in the United States, including a free online game publisher, a hardware company, an online employment website, and an online sports news website.

Epifaniou either exploited vulnerabilities to gain access to the data of interest or obtained the data from a co-conspirator. He then accessed email accounts using proxy servers and emailed the victim websites to demand a ransom.

According to the indictment, he defrauded victims of $56,850 in Bitcoin. Two of the victims incurred losses of more than $530,000 from remediation costs associated with the hacking.

Advertisement. Scroll to continue reading.

In the District of Arizona, Epifanou is charged in a 24-count indictment with obtaining information from a protected computer, conspiracy to commit computer hacking, threatening to damage a protected computer, and intentional damage to a protected computer.

According to the indictment, in October 2016, Epifaniou hacked into the database of Phoenix, Arizona-based Ripoff Report (ROR). The next month, he emailed ROR’s CEO, threatening to leak stolen data and demanding a $90,000 ransom be paid.

A privately owned and operated for-profit website, ROR allows anyone over the age of 14 to complain about firms or persons, but does not require users to provide their real identity. Such complaints might appear on Google, thus potentially damaging the image of the targeted entity.

Between October 2016 and May 2017, Epifaniou allegedly worked with an associated at a search engine marketing provider to identify companies that would be interested in removing complaints posted on ROR’s website.

The two charged those companies between $3,000 and $5,000 to illegally remove each complaint from the ROR database. They allegedly removed at least 100 complaints from the database.

Epifaniou is scheduled for arraignment on Monday, July 20.

Related: Feds Unseal 2018 Indictment Charging Kazakh Man in Hacks

Related: New Yorker Indicted for Stealing Card Data via SQL Injection Attacks

Related: WikiLeaks Founder Assange Faces New Indictment in US

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...