Hacker Extradited from Cyprus, Partly for Breaking Into RipOffReport to Delete Complaints
I've posted a lot about people attempting to get material taken down from the Internet—attempts that often use various shady tactics (e.g., forged court orders, lawsuits against fake defendants, and more). Here's another, even more clearly criminal, alleged scheme; Tim Cushing at Techdirt has the story, and you can also see the indictment, a Justice Department press release about another indictment of the same hacker, and a City News Service article. From the indictment, as quoted by Cushing:
On or about November 8, 2016, SEO Company negotiated a "reputation management service agreement," charging the client an initial $4000 for removal of a complaint from ROR.
On or about November 9, 2016, EPIFANIOU and his co-conspirator via an instant messaging service discussed their plan to remove data from the ROR website for a fee but pretend to SEO Company's clients that it was accomplished through court orders rather than computer hacking….
On or about February 13, 2017, SEO Company negotiated a "reputation management service agreement" with another client, charging an initial $4,000 for removal of a complaint from ROR.
On or about February 14, 2017, EPIFANIOU and his co-conspirator via an instant messaging service discussed the status and profits of their ROR hack, and their intent to hack-additional customer complaint and review websites (including through website vulnerabilities and stolen employee login credentials).
On or about March 3, 2017, SEO Company negotiated a "reputation management service agreement" with another client, charging an initial $4,150 for removal of two complaints from ROR.
On or about March 31, 2017, SEO Company negotiated a "reputation management service agreement" with another client, charging $11,000 for removal of two complaints from ROR.
On or about April 27, 2017, EPIFANIOU and his co-conspirator via an instant messaging service discussed another method for unauthorized access to ROR's database, "in case the original exploit gets patched so we can drag this out for another at least 6-7 months."
Between October 2016 and May 2017, EPIFANIOU and his co-conspirator removed at least 100 complaints from the ROR database, charging SEO Company's clients approximately $3,000 to $5,000 for removal of each Complaint.
"SEO Company" here is a pseudonym; but I should note that Pierre Zarokian pleaded guilty to conspiracy with Epifaniou related to Ripoff Report, and Zarokian runs an SEO (Search Engine Optimization) company called Submit Express.
Epifaniou is also accused of other, even more serious, computer crimes; from the DoJ press release:
The indictment alleges that Epifaniou obtained confidential personal identifying information from these websites including from a free online game publisher based in Irvine, California; a hardware company based in New York, New York; an online employment website headquartered in Innsbrook, Virginia; and an online sports news website owned by Turner Broadcasting System Inc. in Atlanta, Georgia, either by directly exploiting a security vulnerability at the websites and stealing user and customer data, or by obtaining a portion of the victim website's user data from a co-conspirator who had hacked into the victim network.
After obtaining the personal identifying information, Epifaniou allegedly used proxy servers located in foreign countries to log into online email accounts and send messages to the victim websites threatening to leak the sensitive data unless a ransom was paid. He is alleged to have defrauded the entities of $56,850 in bitcoin, and two victims incurred losses of over $530,000 from remediation costs associated with the incident.