Alleged Ripoff Report Hacker Extradited to United States

A Cypriot national was extradited to the United States last week to face charges related to various computer intrusions, including the hacking of Ripoff Report.

The man, Joshua Polloso Epifaniou, 21, a resident of Nicosia, Cyprus, was arrested in Cyprus in February 2018 and is the first Cypriot national to be extradited from the country to the United States.

In a five-count indictment filed in the Northern District of Georgia, Epifaniou is charged with wire fraud, extortion related to a protected computer, conspiracy to commit wire fraud, and conspiracy to commit computer fraud and identity theft.

Between October 2014 and November 2016, Epifaniou and co-conspirators allegedly targeted websites to steal personal identifying information (PII) from databases and then extort money from the websites by threatening to make the stolen data public.

The man is charged with stealing data from the websites of multiple companies in the United States, including a free online game publisher, a hardware company, an online employment website, and an online sports news website.

Epifaniou either exploited vulnerabilities to gain access to the data of interest or obtained the data from a co-conspirator. He then accessed email accounts using proxy servers and emailed the victim websites to demand a ransom.

According to the indictment, he defrauded victims of $56,850 in Bitcoin. Two of the victims incurred losses of more than $530,000 from remediation costs associated with the hacking.

In the District of Arizona, Epifaniou is charged in a 24-count indictment with obtaining information from a protected computer, conspiracy to commit computer hacking, threatening to damage a protected computer, and intentional damage to a protected computer.

According to the indictment, in October 2016, Epifaniou hacked into the database of Phoenix, Arizona-based Ripoff Report (ROR). The next month, he emailed ROR’s CEO, threatening to leak stolen data and demanding a $90,000 ransom be paid.

A privately owned and operated for-profit website, ROR allows anyone over the age of 14 to complain about firms or persons, but does not require users to provide their real identity. Such complaints might appear on Google, thus potentially damaging the image of the targeted entity.

Between October 2016 and May 2017, Epifaniou allegedly worked with an associate at a search engine marketing provider to identify companies that would be interested in removing complaints posted on ROR’s website.

The two charged those companies between $3,000 and $5,000 to illegally remove each complaint from the ROR database. They allegedly removed at least 100 complaints from the database.

Epifaniou is scheduled for arraignment on Monday, July 20.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
