CYBER-HACKERS NAILED: Feds Snatch Pair of Tech Hezbollah Felons from Cyprus to USA
First Cypriot National Extradited from the Republic of Cyprus to the United States Under Extradition Treaty
A Lebanese national wanted in Florida who is alleged to have conspired to engage in, and actually engaged, in the laundering of drug proceeds through the use of the black market peso exchange in support of Hezbollah’s global criminal-support network and a Cypriot national who is wanted in the Northern District of Georgia and the District of Arizona for cyber intrusion and extortion, were both extradited yesterday from the Republic of Cyprus to the United States.
“These successful extraditions demonstrate the commitment of the Department of Justice to support local, state and federal law enforcement agencies throughout the United States and our strong working relationship with dedicated foreign partners who assist in apprehending foreign fugitives wherever they may be hiding,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Thanks to the efforts of our law enforcement partners in Cyprus, Ghassan Diab and Joshua Polloso Epifaniou will now be held accountable in the United States for their alleged crimes.”
Ghassan Diab, 37, a citizen of Lebanon, arrived in Miami yesterday after being extradited from the Republic of Cyprus. Diab is charged in the State of Florida, Circuit Court of the Eleventh Judicial Circuit in and for Miami-Dade County, with two counts of money laundering over $100,000, two counts of conspiracy to launder over $100,000, two counts of unlicensed transmission of currency over $100,000, and two counts of unlawful use of a two-way communications device to further the commission of money laundering, all felonies under Florida law.
Diab was previously identified as an alleged Hezbollah associate and charges were announced by the Miami-Dade State Attorney’s Office in October 2016 as a part of the Drug Enforcement Administration (DEA) Miami Field Division’s “Operation Reconquista,” a joint State/Federal partnership to attack money laundering which resulted in the arrest of two co-defendants. At that time, Ghassan Diab’s specific whereabouts were unknown.
Diab was provisionally arrested in Cyprus for purposes of extradition on March 9, 2019, at the Larnaca International Airport upon his arrival from Beirut, Lebanon, based on a request from the United States in accordance with the U.S.-Cyprus Extradition Treaty. On September 27, 2019, the court in Cyprus found him extraditable to the United States.
Joshua Polloso Epifaniou, 21, a resident of Nicosia, Cyprus, arrived at John F. Kennedy Airport in New York on July 17, 2020, after being extradited from the Republic of Cyprus, where he was arrested in February 2018.
Epifaniou is the first Cypriot national extradited by Cyprus to the United States. Cyprus amended its Constitution in 2013 to allow for the extradition of Cypriot nationals to a European country or to a third country on the basis of a European arrest warrant or on the basis of a bilateral or multilateral treaty that the Republic of Cyprus has signed, with the understanding that the corresponding country would extradite its citizens as well. In 2003, the United States and the European Union entered into an extradition agreement. The articles of the U.S.-E.U. agreement were incorporated into the pre-existing bilateral treaty to create a new bilateral treaty with Cyprus, signed in 2006.
A five-count indictment filed in the Northern District of Georgia charges Epifaniou with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud and identity theft, and extortion related to a protected computer.
According to the indictment, between approximately October 2014 and November 2016, Epifaniou worked with coconspirators to steal personal identifying information from user and customer databases at victim websites in order to extort the websites into paying ransoms under threat of public disclosure of the sensitive data.
The indictment alleges that Epifaniou obtained confidential personal identifying information from these websites including from a free online game publisher based in Irvine, California; a hardware company based in New York, New York; an online employment website headquartered in Innsbrook, Virginia; and an online sports news website owned by Turner Broadcasting System Inc. in Atlanta, Georgia, either by directly exploiting a security vulnerability at the websites and stealing user and customer data or by obtaining a portion of the victim website’s user data from a co-conspirator who had hacked into the victim network.
After obtaining the personal identifying information, Epifaniou allegedly used proxy servers located in foreign countries to log into online email accounts and send messages to the victim websites threatening to leak the sensitive data unless a ransom was paid.
After obtaining the personal identifying information, Epifaniou allegedly used proxy servers located in foreign countries to log into online email accounts and send messages to the victim websites threatening to leak the sensitive data unless a ransom was paid. He is alleged to have defrauded the entities of $56,850 in bitcoin, and two victims incurred losses of over $530,000 from remediation costs associated with the incident.
Epifaniou is scheduled for his arraignment on Monday, July 20, before U.S. Magistrate Judge Alan J. Baverman in the Northern District of Georgia.
Epifaniou is charged in the District of Arizona in a 24-count indictment with conspiracy to commit computer hacking, obtaining information from a protected computer, intentional damage to a protected computer, and threatening to damage a protected computer.
Epifaniou allegedly used the attack to successfully override ROR’s login and password protection to access its database through an existing account for a ROR employee.
The indictment alleges that on Oct. 30, 2016, Epifaniou obtained unauthorized access to the database of Ripoff Report (ROR), a company located in Phoenix, Arizona, through a brute force attack. A brute force attack is a trial-and-error method used to obtain information, such as a user password or personal identification number. Epifaniou allegedly used the attack to successfully override ROR’s login and password protection to access its database through an existing account for a ROR employee. On Nov. 18, 2016, Epifaniou emailed ROR’s CEO using an email address, threatening to publicly disseminate stolen ROR data unless the company paid him $90,000 within 48 hours. According to the indictment, Epifaniou emailed again the following day with a hyperlink to a video recording demonstrating Epifaniou’s unauthorized access to the ROR CEO’s account.
The indictment additionally alleges that between October 2016 and May 2017, Epifaniou worked with an associate at “SEO Company,” which was a search engine marketing company based in Glendale, California, to identify companies that might be interested in paying for the removal of complaints posted on ROR’s website, which Epifaniou would then illegally remove through unauthorized access to the ROR database. Epifaniou and his co-conspirator removed at least 100 complaints from the ROR database, charging SEO Company’s “clients” approximately $3,000 to $5,000 for removal of each complaint.
The charges contained in the indictment are merely accusations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
The Diab case was investigated by DEA’s Miami Field Division and Special Operations Division. Assistant State Attorney Adam C. Korn, Executive Director of the South Florida Financial Crimes Strike Force of the Miami-Dade State Attorney Katherine Fernandez Rundle Office is prosecuting the case. The Epifaniou case was investigated by the FBI Atlanta and Phoenix Field Offices. Assistant U.S. Attorney Nathan Kitchens of the Northern District of Georgia is handling the prosecution in that District and Assistant U.S. Attorneys James Knapp and Andrew Stone are handling the prosecution in the District of Arizona.