Select Page

The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organisation Hezbollah.

Both suspects—Joshua Polloso Epifaniou, 21, a resident of Nicosia, and Ghassan Diab, 37, a citizen of Lebanon—were arrested earlier last year and extradited to the United States last weekend.

According to the indictment, Epifaniou conducted a brute force attack against the Phoenix-based online review portal Ripoff Report (ROR) in October 2016 and successfully override ROR’s login and password protection to gain access to its database through an existing account associated with a ROR employee.

In November 2016, Epifaniou tried to extort the company by emailing ROR’s CEO with a hyperlink to a video demonstrating Epifaniou’s unauthorised access to the ROR CEO’s account, threatening him to publicly disseminate stolen ROR data unless he paid $90,000 within 48 hours.

Between October 2016 and May 2017, Epifaniou also worked with an associate at Glendale-based “SEO Company” to illegally remove complaints posted on ROR’s website for whoever interested in paying the company approximately $3,000 to $5,000 per complaint removal.

According to the court documents, Epifaniou and his co-conspirator removed at least 100 complaints from the compromised ROR database for their “clients,” which could have profited the SEO Company somewhere between $300,000 and $500,000.

Besides ROR, Epifaniou has also been accused of hacking and extorting websites between October 2014 and November 2016, which included:

  • a free online game publisher based in Irvine, California;
  • a hardware company based in New York;
  • an online employment site headquartered in Innsbrook, Virginia; and
  • an online sports news website owned by Turner Broadcasting System Inc. in Atlanta, Georgia.

To hack into these websites, Epifaniou either directly exploited a security flaw in it and stole its user and customer data, or obtained a portion of the victim website’s user data from a co-conspirator who had hacked into the victim network.

Epifaniou allegedly defrauded the victim websites of $56,850 in bitcoin, and two victims incurred losses of more than $530,000 from remediation costs associated with the incident.​

images from Hacker News