Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Defense of Convicted Cypriot Hacker in US Not Seeking Appeal

A lawyer for a Cypriot hacker who has served almost four years behind bars said he will not appeal against a one-year jail sentence in the US for cyber-crimes he committed as a minor.

A lawyer for a Cypriot hacker who has served almost four years behind bars said he will not appeal against a one-year jail sentence in the US for cyber-crimes he committed as a minor.

A Georgia court handed down the jail term on Thursday in the trial of Joshua Pelloso Epifaniou, now 22, who was arrested in Cyprus in May 2017 and last year became the first Cypriot national ever extradited to the United States.

“This historic extradition and sentencing would not have been possible without the determination of our FBI investigators and the help of our federal and foreign partners,” Chris Hacker, an FBI Special Agent in Atlanta, Georgia, said in a Department of Justice statement.

“It is further proof that no matter where criminals who prey on US companies and citizens are hiding, either geographically or virtually, we will pursue them and bring them to justice,” Hacker said.

Cyprus-based lawyer Michael Chambers, in an email to AFP, said an appeal would not be filed although Epifaniou had confessed and was expecting to be freed on time served.

“I do not believe that the sentence is worth appealing against as he will be released in 10 months,” said Chambers.

The Cypriot’s legal team had hoped Epifaniou would be released as he had pleaded guilty and paid compensation.

Advertisement. Scroll to continue reading.

Epifaniou pleaded guilty to federal computer fraud charges brought in Arizona and Georgia.

As a result of the conviction, Epifaniou forfeited $389,113 and €70,000 ($83,000) to the government and paid $600,000 in restitution to his fraud victims, on the back of his cryptocurrency takings.

Epifaniou was extradited last July 16 to face charges for crimes committed at night from his bedroom in his mother’s Nicosia home as a teenager.

The maximum sentence for the charges he faced was 20 years.

Between October 2014 and May 2017, Epifaniou hacked websites and monitored online traffic to identify extortion targets.

After selecting target websites, he worked with co-conspirators to steal information from the websites’ databases.

Epifaniou then used proxy servers located in foreign countries to log into email accounts and send messages to the websites threatening to leak the sensitive data unless a ransom was paid in bitcoins, which have since shot up in value.

Initially arrested in Nicosia at the age of 17, he spent more than three years in a Cypriot jail without being convicted and fighting extradition.

His Filipina mother Vivina Polloso, a supermarket employee, has expressed heartbreak at his treatment, especially after he was whisked out of the country after a brief and tearful farewell at the island’s international airport in the midst of the coronavirus crisis.

“They deprived him of his youth, he became an adult in prison,” his mother said.

Related: ‘Money Mule’ Operator Gets Seven-Year Prison Sentence

Related: Hacker Closing Out Prison Sentence in Chicago Halfway House

Related: Russian Sentenced to Prison in U.S. for Role in Cybercrime Scheme

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...