The British teenager accused of being part of the gang that hacked Twitter and posted a cryptocurrency scam from various US celebrities' accounts has not yet been arrested.
Mason Sheppard, a 19-year-old of Bognor Regis in the English county of West Sussex, has been visited by the National Crime Agency but no arrests have been made on this side of the Atlantic.
However, one of Sheppard's co-accused, 17-year-old Graham Clark of Florida, USA, appeared in a local court on Saturday to enter a not-guilty plea over the account hijackings.
On 15 July, a flurry of tweets from verified Twitter accounts exhorted followers to send Bitcoin to a specified wallet. Those endorsing this bizarre message included Bill Gates, Elon Musk, Kanye West, Joe Biden, Barack Obama, Jeff Bezos, Mike Bloomberg, Warren Buffett, Benjamin Netanyahu, and Kim Kardashian, among others.
Three teenagers alleged to have masterminded the social-engineering attack necessary to pull off the hack were charged last Friday. Among the accused was Sheppard, said to have used the Discord username "ever so anxious#001" and another handle, "Chaewon".
A National Crime Agency spokeswoman told The Register: "The Agency has supported the US investigation and on Friday 31 July officers from the NCA and the South East Regional Organised Crime Unit searched a property in Bognor Regis, West Sussex. We remain in continued liaison with the US authorities."
El Reg understands no arrests have been made by the NCA. In an affidavit against Sheppard published online by the US Department of Justice, it is said that "Chaewon" had "discussed turning themselves in to law enforcement after the Twitter hack became publicly known". US prosecutor Tigran Gambaryan alleged that he was able to identify Sheppard after tracing his Bitcoin wallet back to US-based cryptocurrency exchange Coinbase, which gave investigators access to account records revealing a copy of Sheppard's email address, passport and driving licence, with the latter revealing his address.
Sheppard stands accused of conspiracy to commit wire fraud, computer intrusion and money laundering, all US federal offences. He faces a maximum potential prison sentence of 20 years and a $250,000 fine.
It is said by American prosecutors that Sheppard acted as a middleman, brokering the theft of Twitter accounts and payments by those eager to claim so-called OG (original gangster) usernames as a status symbol; ones that are either very short or consist of one word.
It appears likely that an extradition hearing will form part of Sheppard's medium-term future.
Yesterday's US court hearing for Clark was livestreamed on Zoom, leading to some predictable and unpleasant results, according to infosec journalist Brian Krebs:
Predictably, the Zoom hearing for the 17-year-old alleged Twitter hacker in Fla. was bombed multiple times, with the final bombing of a pornhub clip ending the zoom portion of the proceedings.— briankrebs (@briankrebs) August 5, 2020
A third member of the alleged hacking crew was named last Friday by prosecutors as Nima Fazeli, 22, of Orlando, Florida.
The US Department of Justice has been asked for comment. America's London embassy did not return phone calls to its press office seeking comment. ®