There’s an update to the case of a young Cypriot hacker who pleaded guilty in January to hacking Armor Games and Ripoff Report. A Nicosia court had ruled in 2019 that Joshua Epiphaniou was to be extradited here. He is the first Cypriot national ever extradited from Cyprus to the United States.
Today, the U.S. Attorney’s Office for the District of Arizona announced that Ephiphaniou, now 22, was sentenced in the Northern District of Georgia to 12 months and one day in prison, on top of the nearly four years he has already served in custody since his arrest in Cyprus in May, 2017.
As a result of his conviction, Epifaniou forfeited $389,113 and 70,000 euros to the government and paid $600,000 in restitution to the victims of his fraud in Arizona and the Northern District of Georgia.
While many news reports these days talk about threat actors making extortion demands under threat that they will dump sensitive data stolen from entities, such extortion is nothing new, as this site has noted in other posts. Rex Mundi was doing it a decade ago, and between October 2014 and May 2017, Epifaniou would target websites, work with co-conspirators to steal personally identifiable information from the websites’ databases, and then threaten to leak sensitive data if web site owners did not pay him in cryptocurrency.
Victims of Epifaniou’s computer terrorism included an online sports news website owned by Turner Broadcasting System Inc. in Atlanta, Georgia, Armor Games in Irvine, California, a hardware company based in New York, New York, an online employment website headquartered in Innsbrook, Virginia, and Ripoff Report, headquartered in Phoenix, Arizona.
According to the USAO and court filings:
After extorting Ripoff Report, Epifaniou also hacked into its website to remove online complaints at the request of paying clients. Epifaniou and his co-conspirator, Pierre Zarokian, charged clients between $1,000 and $5,000 for each complaint removal and falsely told clients that the removals were court-ordered. Epifaniou was charged by indictment in Arizona in CR-17-1280-SMB and Zarokian was sentenced last year in CR-18-1626-MTL.
The Federal Bureau of Investigation conducted the investigation in this case. Foreign law enforcement partners also made significant contributions to the investigation, including the Office for Combating Cybercrime of the Cyprus Police. The U.S. Attorney’s Offices for the District of Arizona and for the Northern District of Georgia handled the prosecution, with assistance from the Criminal Division’s Office of International Affairs.
CASE NUMBER: CR17-00327-MHC-JKL
RELEASE NUMBER: 2021-014_Epifaniou