New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Cyprus Extradites Accused Cyber Criminal to United States, Setting New Precedent

The first ever extradition of a citizen of Cyprus to the United States took place last Friday when 21-year-old Joshua Polloso Epifaniou landed at JFK International Airport in New York on his way to face federal charges in Georgia and Arizona. Epifaniou is accused of wire fraud, conspiracy to commit wire fraud, conspiracy to commit computer fraud, identity theft and extortion related to a protected computer for his alleged role in a group carrying out ransomware attacks and threatening to publish data stolen from victim companies online unless the victim paid a ransom. The group is also alleged to have abused their unauthorized access to the servers of Ripoff Report, a company based in Arizona, to delete complaint reports against companies in return for payment. Cyprus amended its constitution in 2013 to allow for the extradition of its citizens to a European country or a third country on the basis of a bilateral treaty agreement. This extradition is the first to make use of that amendment.

Analyst Notes

Cyber criminals operating from other countries often are able to avoid criminal prosecution because their country’s constitutions do not allow its citizens to be extradited to face justice in another country. This extradition is an example of how laws are changing to allow for prosecutions of cyber criminals operating across international borders. Another recent example of progress being made in prosecuting international cyber-crimes is the trial and successful conviction of three members of the GozNym cybercrime network in Pittsburgh and Tbilisi, Georgia. In that case, the court in Tbilisi allowed FBI investigators to testify remotely and convicted citizens of Georgia were sentenced to prison terms in their country. Even cyber criminals from countries that do not cooperate with international law enforcement efforts, such as Russia, have been arrested when they traveled to European countries. It is important for companies to keep detailed logs and report cyber-crimes to law enforcement when appropriate to stop criminals from continuing to victimize other companies with impunity.