Mason John Sheppard is a resident of Bognor Regis, West Sussex, England, United Kingdom. He was one of the four people behind the biggest security and privacy breach in Twitter’s history that happened in July 2020.
Graham Ivan Clark, a high school graduate born in Tampa, Florida, United States on January 9, 2003, was the mastermind of the Twitter hack. There were almost 130 accounts including high-profile verified accounts such as those of Barack Obama, Benjamin Netanyahu, Bill Gates, Elon Musk, Floyd Mayweather, Jeff Bezos, Joe Biden, Kanye West, Kim Kardashian West, Michael Bloomberg, Wiz Khalifa and Warren Buffet, cryptocurrency exchanges AngeloBTC, Binance, Bitfinex, Coinbase, Gemini and Kucoin and companies Apple and Uber.
The hacked accounts tweeted about “giving back to the community” and doubling any Bitcoin users sent to them. It netted the cryptocurrency worth more than $180,000, The New York Times estimated.
Aside from Sheppard and Clark, Nima Fazeli, a resident of Orlando, Florida, USA born in 1998, also participated in the cyberattack. On the gaming chatroom service Discord, Clark and Fazeli’s respective aliases were Kirk#5270 and Rolex#0373 while Sheppard used Chaewon and ever so anxious#0001.
U.S. Magistrate Judge Alex G. Tse authorized a search warrant, which federal agents executed on July 21, 2020 at a residence in the Northern District of California, USA. A juvenile, one of the occupants of the home, admitted to working with Sheppard to illegally sell Twitter account access.
According to the authorities, the Twitter hack may have started on May 3, 2020 and ended on July 16, 2020. Here are 10 more facts about Sheppard:
- On April 29, 2017, the IP address 126.96.36.199 was used to connect to his OGUsers account named Chaewon as well as another account on the forum named Mas, which he also controlled. The IP address resolves to Talk Talk Communications, an internet service provider based in the U.K. He controlled two Binance accounts related to his Chaewon bitcoin cluster bc1qdme7m3zy450m5gl0w9n2mrh8t8h6448xfzdlvv.
- On August 13, 2017, he created a Coinbase account with the user ID 599094f007e57a01cf67121d.
- When he exchanged private messages on OGUsers with another user of the forum on February 4, 2020, he made a purchase of a video game username and was instructed to send bitcoin to address 188ZsdVPv9Rkdiqn4V4V1w6FDQVk7pDf4.
- On February 5, 2020, his purchase address as Chaewon received approximately .088 bitcoin from his bitcoin cluster.
- On February 11, 2020, using his Chaewon account, he repeatedly announced on OGUsers that he was the person behind Mas.
- On February 15, 2020, he used his Chaewon account again to repeatedly announce on OGUsers that he was the person behind Mas.
- On July 15, 2020, as ever so anxious#0001, he received bitcoin from his Chaewon bitcoin cluster and sent bitcoin to Kirk#5270. On the same day, he sent to Clark several large deposit of bitcoin totaling approximately 3.69 bitcoin, which was approximately $33,000 at the time of payment. He brokered the sale of at least 10 Twitter addresses including @drug, @w and @L.
- After the cyberattack in July 2020, he told the New York Times that he got involved because he wanted to acquire unique Twitter user names. He explained that “just kinda found it cool having a username that other people would want.”
- He acted as a broker for Clark as Kirk#5270 by sending criminally derived proceeds from the sale of Twitter accounts to Kirk#5270 for the exchange for compromised accounts on the microblogging site. On July 22, 2020, he told KrebsOnSecurity, “Encountering Kirk was the worst mistake I’ve ever made due to the fact it has put me in issues I had nothing to do with. If I knew Kirk was going to do what he did, or if even from the start if I knew he was a hacker posing as a rep I would not have wanted to be a middleman.”
- He was 19 years old when the U.S. Department of Justice charged him in 2020 with conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer in relation to the Twitter hack that also involved Clark and Fazeli.