Hacker behind Ripoff Report extortion attempt extradited to the US

Hacker emailed the Ripoff Report CEO, shared a video accessing the exec's account, and asked for a $90,000 payment.

Hacker

Image: Setyaki Irham, ZDNet

A Cypriot national has been extradited to the US to face charges of hacking into review portal Ripoff Report, extorting the company, and selling access to its backend to a third-party.

The man, named Joshua Polloso Epifaniou, 21 years, and a resident of Nicosia, Cyprus, arrived in the US on Friday and is scheduled to be arraigned in front of a US court on Monday, July 20, where he'll be formally charged.

The Ripoff Report hack

According to court documents obtained by ZDNet, US authorities believe Epifaniou used a brute-force attack to gain access to the credentials of a Ripoff Report employee in October 2016.

The Cypriot then worked with an SEO (search engine optimization) company to remove bad reviews from the Ripoff Report website for the SEO firm's paying customers.

"Epifaniou and his co-conspirator removed at least 100 complaints from the ROR database, charging SEO Company's 'clients' approximately $3,000 to $5,000 for removal of each complaint," the US Department of Justice said in a press release on Saturday.

ror-deleted.png

Investigators said that when a local Cyprus bank blocked the co-conspirator's payments to the hacker, the two also arranged for the SEO company to issue bogus backdated invoices to justify the bank transfers for Epifaniou's hacking.

The court documents did not identify Epifaniou's partner, but a Fox 11 investigation claims the Cypriot hacker worked with Pierre Zarokian, the founder of Submit Express, a reputation management company.

The scheme came undone after Epifaniou emailed the Ripoff Report CEO in November 2016 and tried to extort the company while also actively removing bad reviews from its database.

According to investigators, the hacker requested a payment of $90,000 within 48 hours from the CEO, threatening otherwise to leak the Ripoff Report database online.

When he did not receive a reply from the CEO, the hacker emailed again the second day with a video showing himself accessing the exec's account.

The FBI started an investigation into the hacks in 2017, and the Submit Express CEO was arrested in 2018 and pleaded guilty earlier this year.

Pre-2016 hacks

In addition to his Ripoff Report hack and extortion, US officials have also accused Epifaniou of hacking and extorting other websites between October 2014 and November 2016.

Victims listed by the DOJ include a free online game publisher based in Irvine, California; a hardware company based in New York, New York; an online employment website headquartered in Innsbrook, Virginia; and an online sports news website owned by Turner Broadcasting System Inc. in Atlanta, Georgia.

To extort victims, officials said Epifaniou used two techniques.

He used security bugs to hack target sites and then steal user data himself, or he bought the victim site's user data from other hackers and then used it to extort the victim into paying a ransom.