Case Document3 Filed 09/27/17 . ere

 

FILED LODGED
RECEIVED COPY
SEP 2 7 2017

CLERK 8 DISTRICT COURT
DISTRICT OF ARIZONA
  PEPUTY

 

 

 

  

IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF ARIZONA

United States of America,
Plaintiff,
vs.
Joshua Polloso Epifaniou,
a.k.a. 

a.k.a. Giorgos Petrou,

Defendant.

 

 

 

THE GRAND JURY CHARGES:





V10: 18 U.S.C. 1030(b)
(Conspiracy to Commit Computer
Hacking)
Count 1

18 U.S.C. 1030(a)(2), 

.

gObtaimng In ormatlon from
rotected Computer)

Count 2

l8 U.S.C. 1030(a)(5)(A) 

Intentlonal Damage to Protected

Computer)
Counts 3?23

18 U.S.C. 1030(a)(7)(B) 
Ec .
hreatemng Damage to Protected
Computer)
Count 24

18 U.S.C. 982 2 &1030'
(1)

At all times material to this indictment, within the District of Arizona and elsewhere:

INTRODUCTION

1. Ripoff Report (ROR), a company based in Phoenix, Arizona, hosts a website

where customers can post anonymous complaints about people and businesses. The subject

 






 

Case Document 3 Filed 09/27/17 Page 2 of 8

of the complaint can then post a rebuttal. ROR does not remove complaint reports; instead,
persons about whom complaints are posted are only permitted to post rebuttals.

2. The company identi?ed below as Company? is a search engine
marketing company based in Glendale, California. Its website claims that the company
offers, among other services, ?reputation management services, as well as Ripoff Report
Removal Service, Yelp Negative Review Repair, TheDirty.com Post Removal, Scamcom
Post Removal, ComplaintsBoard.com Post Removal and ScamBook.com Post Removal.?

3. On October 30, 2016, JOSHUA POLLOSO EPIFANIOU, a resident of
Nicosia, Cyprus, obtained unauthorized access to database through a brute force
attack. A brute force attack is a trial-and?error method used to obtain information, such as
a user password or personal identi?cation number (PIN). In this case, EPIFANIOU used
the attack to successfully override login and password protection to access its
database through an existing account for an ROR employee.

4. On November 18, 2016, EPIFANIOU emailed CEO using the email
address threatening to publicly disseminate stolen ROR data unless
the company paid him $90,000 USD within 48 hours. EPIFANIOU emailed again the
following day with a hyperlink to a video recording demonstrating 

unauthorized access to the ROR account.

5. Between October 2016 and May 2017, EPIFANIOU worked with an
associate at SEO Company to identify companies that might be interested in paying for
remOval of complaints posted on website, which EPIFANIOU would then illegally
remove through unauthorized access to the ROR database. EPIFANIOU and his
coconspirator removed at least 100 complaints from the ROR database, charging SEO
Company?s ?clients? approximately $3,000 to $5,000 for removal of each complaint.



Conspiracy to Commit Computer Hacking
(18 U.S.C. 1030(b))

6. The factual allegations from Paragraphs 1 through 5 are incorporated herein

 



Nit?l w-A r?t r?t h?i r? r?t t?l r?t


 

Case Document 3 Filed 09/27/17 Page 3 of 8

by reference and re-alleged as though fully set forth herein.

7. From on or about October 2016 through May 2017, in the District of Arizona
and elsewhere, the defendant, JOSHUA POLLOSO EPIFANIOU, and others known and
unknown to the Grand Jury unlawfully, willfully, and knowingly agreed, combined, and
conspired to obtain information from a protected computer in violation of 18 U.S.C. 
1030(a)(2), access a protected computer in furtherance of fraud in violation of 18 U.S.C. 
1030(a)(4), and intentionally damage a protected computer in violation of 18 U.S.C. 
1030(a)(5)(A), all in violation of 18 U.S.C. 1030(b).

8. To accomplish the objects of the conspiracy, EPIFANIOU and others did (1)
solicit companies interested in paying for removal of complaints posted on website,
(2) obtain unauthorized access to database and delete complaint records, (3) conceal
their activities through false names, fake invoices, and the deletion of inoriminating
evidence, and (4) attempt to gain unauthorized access to other customer complaint websites
to further the scheme.

9. In furtherance of the conspiracy, and to achieve the objects of the conspiracy,
EPIFANIOU and others committed the following overt acts:

A. On or about November 8, 2016, SEO Company negotiated a ?reputation
management service agreement,? charging the client an initial $4000 for
removal of a complaint from ROR.

B. On or about November 9, 2016, EPIFANIOU and his coconspirator via an
instant messaging service discussed their plan to remove data from the ROR
website for a fee but pretend to SEO Company?s clients that it was
accomplished through court orders rather than computer hacking.

C. On or about November 16, 2016, EPIFANIOU and his coconspirator via an
instant messaging service discussed ways to market their ROR removal
services using an alias.

D. On or about November 18, 2016?the same day that EPIFANIOU sent his
extortion demand to and his coconspirator. via

-3-

 






 

Case Document 3 Filed 09/27/17 Page 4 of 8

an instant messaging service discussed methods to obtain unauthorized
access to the email account of CEO and ways to conceal evidence of
their crime.

E. On or about January 13, 2017, EPIFANIOU told his coconspirator via an
instant messaging service that the Bank of Cyprus had frozen his account,
and that he needed fake invoices to convince the bank to release the funds
his coconspirator had transferred to him as his portion of the computer
hacking scheme. They discussed how to backdate the invoices and falsely
report the payment of at least $32,200 to EPIFANIOU, labeling the invoices
?reputation management services? to ?make it look legit.?

F. On or about February 3, 2017, EPIFANIOU and his coconspirator via an
instant messaging service discussed ?spearphishing? the ROR CEO.
?Spearphishing? is a method for distributing malware to a speci?c individual,
usually to gain unauthorized access to the individual?s computer or online
accounts.

G. On or about February 7, 2017, EPIFANIOU and his coconspirator via an
instant messaging service discussed how the coconspirator could post a fake
complaint to ROR to help ?trigger [the] payload? in furtherance of the
scheme to delete ROR data through computer hacking.

H. On or about February 13, 2017, SEO Company negotiated a ?reputation
management service agreement? with another client, charging an initial
$4,000 for removal of a complaint from ROR. 7

I. On or about February 14, 2017, EPIFANIOU and his coconspirator via an
instant messaging service discussed the status and pro?ts of their ROR hack,
and their intent to hack-additional customer complaint and review websites
(including through website vulnerabilities and stolen employee login
credentials). I

J. On or about March 3, 2017, SEO Company negotiated a ?reputation

-4-

 






 

Case Document 3 Filed 09/27/17 Page 5 of 8

10.

12.

management service agreement? with another client, charging an initial
$4,150 for removal of two complaints from ROR.

On or about March 31, 2017, SEO Company negotiated a ?reputation
management service agreement? with another client, charging $11,000 for
removal of two complaints from ROR.

On or about April 27, 2017, EPIFANIOU and his coconspirator via an instant
messaging service discussed another method for unauthorized access to
database, ?incase the original exploit gets patched so we can drag
this out for another at least 6-7 months.?

Between October 2016 and May 2017, EPIFANIOU and his coconspirator
removed at least 100 complaints from the ROR database, charging SEO
Company?s clients approximately $3,000 to $5,000 for removal of each
Complaint.

COUNT 2

Obtaining Information from Protected Computer
(18 U-S-C- 1030000), 

The factual allegations in paragraphs 1 through 9 are re-alleged and

incorporated as if fully set forth here.
1 1.
Arizona and elsewhere, the defendant, JOSHUA POLLOSO EPIFANIOU, intentionally

From on or about October 2016 through May 2017, within the District of

accessed without authorization and thereby obtained information from a protected
computer associated with Ripoff Report, which Was committed for the purpose of
commercial advantage and private ?nancial gain and where the value of the information
obtained exceeded $5,000 in value, in Violation of 18 U.S.C. 1030(a)(2) and 
and 

COUNTS 3-23
Intentional Damage to Protected Computer
(18 U.S.C. 1030(a)(5)(A) 

The factual allegations in paragraphs 1 through 11 are re-alleged and

 



b?l t?t r?t r?n l-nCase Document 3 Filed 09/27/17 Page 6 of 8

incorporated as if fully set forth here.

13. On or about each of the dates set forth below, within the District of Arizona
and elsewhere, the defendant, JOSHUA POLLOSO EPIFANIOU, knowingly caused the
transmission of a program, information, code, and command, and, as a result of such
conduct, intentionally caused damage without authorization to a protected Computer
associated with Ripoff Report, which caused a loss to persons during a one-year period I
resulting from the defendant?s course of conduct affecting protected computers aggregating
at least $5,000 in value, each transmission constituting a separate count in Violation of 18

U.S.C. 1030(a)(5)(A) and 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3 12/9/2016 5 records deleted from ROR database
4 1/1/2017 9 records deleted from ROR database
5 1/5/2017 5 records deleted from ROR database
6 1/ 10/2017 5 records deleted from ROR database
7 1/11/2017 7 records deleted from ROR database
8 1/ 18/2017 5 records deleted from ROR database
9 1/30/2017 3 records deleted from ROR database
10 1/31/2017 4 records deleted from ROR database
11 2/13/2017 4 records deleted from ROR database
12 2/ 16/2017 4 records deleted from ROR database
13 2/24/2017 4 records deleted from ROR database
14 3/16/2017 1 record deleted from ROR database
15 3/23/2017 2 records deleted from ROR database
16 3/26/2017 8 records deleted from ROR database
17 3/31/2017 5 records deleted from ROR database
18 4/6/2017 7 records deleted from ROR database

 

 






 

Case Document 3 Filed 09/27/17 Page 7 of 8

 

 

 

 

 

19 4/ 16/2017 3 records deleted from ROR database
20 5/1/2017 1 record deleted from ROR database
21 5/6/2017 8 records deleted from ROR database
22 5/7/2017 8 records deleted from ROR database
23 5/9/2017 3 records deleted from ROR database

 

 

 

 

 

COUNT 24
Threatening to Damage Protected Computer
(18 U.S.C. 1030(a)(7)(B) 

14. The factual allegations in paragraphs 1 through 13 are re-alleged and
incorporated as if fully set forth here.

15. On or about November 18, 2016, within the District of Arizona and
elsewhere, the defendant, JOSHUA POLLOSO intent to extort from a
person a thing of value, did transmit in interstate and foreign commerce a communication
containing a threat to impair the con?dentiality of information obtained from a protected

computer Without authorization, in violation of 18 U.S.C. 1030(a)(7)(B) and 

Forfeiture Allegation
(18 U.S.C. 982(a)(2)(B) 1030(i))

16. The factual allegations in paragraphs 1 through 15 are re-alleged and
incorporated as if fully set forth here for the purpose of alleging forfeitures pursuant to 18
U.S.C. 982(a)(2)(B) and 1030(i).

17. Upon conviction of the offenses in violation of 18 U.S.C. 1030 set forth in
Counts 1 through 24 of this Indictment, the defendant, JOSHUA POLLOSO EPIFANIOU,
shall forfeit to the United States of America the following:

Pursuant to 18 U.S.C. 982(a)(2)(B) and 1030(i), any property, real or
personal, constituting, or derived from, proceeds obtained directly or

indirectly as a result of such offense.

 






 

Case Document 3 Filed 09/27/17 Page 8 of 8

18. Pursuant to 21 U.S.C. 853(p), as incorporated by 18 U.S.C. 982(b) and
1030(i), the defendant, JOSHUA POLLOSO EPIFANIOU, shall forfeit substitute
property, up to the value of the forfeitable property, or any portion thereof, if by any act or

omission of the defendant the forfeitable property:

A. cannot be located upon the exercise of due diligence;

B. has been transferred or sold to or deposited with, a third person;

C. has been placed beyond the jurisdiction of the Court;

D. has been substantially diminished in value; or

E. has been commingled with other property which cannot be subdivided

Without dif?culty.

A TRUE BILL


OREPERSON OF THE GRAND JURY
Date: September 27, 2017

ELIZABETH A. STRANGE
Acting United States Attorney
of Arlzona



JAMES R. KNAPP
ANDREW C. STONE
Assistant US. Attorneys