A former US soldier accused of hacking into AT&T and Verizon systems and leaking presidential call logs pleaded guilty to fraud and identity theft charges, the US Department of Justice announced.
According to court documents, the individual, Cameron John Wagenius, 21, engaged in hacking and extortion activities between April 2023 and December 2024, while on active duty with the US Army.
Using the nickname ‘kiberphant0m’, Wagenius and his co-conspirators aimed to defraud at least 10 organizations after obtaining login credentials for their networks.
The credentials, documents presented in court show, were obtained using a hacking tool called SSH Brute and through other means. The miscreants used Telegram group chats to share the stolen login information and to discuss obtaining access to the victims’ networks.
The hackers exfiltrated data from the compromised networks and extorted the victims, both via private communication and on public forums, threatening to publish the stolen information on cybercrime portals such as BreachForums and XSS.is.
According to court documents, the suspects also offered the data for sale on these forums, and successfully sold some of it. Furthermore, they used the data in other fraud schemes, such as SIM swapping.
The former US Army soldier and his co-conspirators attempted to extort over $1 million from the victim companies, the DoJ says.
Wagenius, who was arrested in December 2024, pleaded guilty to wire fraud conspiracy and extortion charges, which carry maximum penalties of 20 and five years in prison, and to identity theft charges, for which he could be sentenced to a mandatory two-year prison sentence, consecutive to any other prison time.
Previously, he pleaded guilty to sharing confidential phone records, in connection with these attacks.
The victim organizations have not been named, but investigative journalist Brian Krebs revealed that Wagenius was selling phone records stolen from AT&T and Verizon, and was likely involved in the Snowflake hacking campaign that affected hundreds of organizations.
Wagenius’ co-conspirators include Canadian national Connor Riley Moucka, also known as Judische, who was arrested in late October 2024 in connection to the Snowflake account hacking, and John Erin Binns, who was involved in the AT&T hack and previously took credit for the 2021 T-Mobile hack. Binns was arrested in Turkey in May 2024.
Related: Man Who Hacked Organizations to Advertise Security Services Pleads Guilty
Related: Iranian Man Pleads Guilty to Role in Baltimore Ransomware Attack
