National Crime Agency says Brit teen accused of Twitter hack has not been arrested

Bognor Regis man still faces 20 years in clink, though

The British teenager accused of being part of the gang that hacked Twitter and posted a cryptocurrency scam from various US celebrities' accounts has not yet been arrested.

Mason Sheppard, a 19-year-old of Bognor Regis in the English county of West Sussex, has been visited by the National Crime Agency but no arrests have been made on this side of the Atlantic.

However, one of Sheppard's co-accused, 17-year-old Graham Clark of Florida, USA, appeared in a local court on Saturday to enter a not-guilty plea over the account hijackings.

On 15 July, a flurry of tweets from verified Twitter accounts exhorted followers to send Bitcoin to a specified wallet. Those endorsing this bizarre message included Bill Gates, Elon Musk, Kanye West, Joe Biden, Barack Obama, Jeff Bezos, Mike Bloomberg, Warren Buffett, Benjamin Netanyahu, and Kim Kardashian, among others.

Three teenagers alleged to have masterminded the social-engineering attack necessary to pull off the hack were charged last Friday. Among the accused was Sheppard, said to have used the Discord username "ever so anxious#001" and another handle, "Chaewon".

A National Crime Agency spokeswoman told The Register: "The Agency has supported the US investigation and on Friday 31 July officers from the NCA and the South East Regional Organised Crime Unit searched a property in Bognor Regis, West Sussex. We remain in continued liaison with the US authorities."

El Reg understands no arrests have been made by the NCA. In an affidavit against Sheppard published online by the US Department of Justice, it is said that "Chaewon" had "discussed turning themselves in to law enforcement after the Twitter hack became publicly known". US prosecutor Tigran Gambaryan alleged that he was able to identify Sheppard after tracing his Bitcoin wallet back to US-based cryptocurrency exchange Coinbase, which gave investigators access to account records revealing a copy of Sheppard's email address, passport and driving licence, with the latter revealing his address.

Sheppard stands accused of conspiracy to commit wire fraud, computer intrusion and money laundering, all US federal offences. He faces a maximum potential prison sentence of 20 years and a $250,000 fine.

It is said by American prosecutors that Sheppard acted as a middleman, brokering the theft of Twitter accounts and payments by those eager to claim so-called OG (original gangster) usernames as a status symbol; ones that are either very short or consist of one word.

It appears likely that an extradition hearing will form part of Sheppard's medium-term future.

Yesterday's US court hearing for Clark was livestreamed on Zoom, leading to some predictable and unpleasant results, according to infosec journalist Brian Krebs:

A third member of the alleged hacking crew was named last Friday by prosecutors as Nima Fazeli, 22, of Orlando, Florida.

The US Department of Justice has been asked for comment. America's London embassy did not return phone calls to its press office seeking comment. ®

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021