A US Army soldier suspected of leaking presidential call logs was reportedly arrested in Texas on December 20, after being charged on two counts of unlawful transfer of confidential phone records.
The suspect, Cameron John Wagenius, 20, was arrested in Fort Hood, Texas, under the suspicion of being a cybercriminal who, using the online moniker of Kiberphant0m, had been offering and leaking call records stolen from telecommunication providers AT&T and Verizon.
The arrest came roughly one month after investigative journalist Brian Krebs revealed that a US soldier could be involved in the Snowflake hacking campaign that impacted hundreds of organizations, including Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, Santander Bank, State Farm, and Ticketmaster.
In a new report, Krebs reveals that Wagenius, a communications specialist who was at one point stationed in South Korea, is likely Kiberphant0m, and that he is associated with Connor Riley Moucka, also known as Judische, a Canadian national arrested in late October in connection to the Snowflake account hacking.
Shortly after Moucka was arrested, Kiberphant0m – in an effort to extort AT&T – published on the cybercriminal portal BreachForums what appeared to be stolen call logs for President Donald Trump and for Vice President Kamala Harris.
He also offered an alleged “data schema” from the National Security Agency, call logs for US government agencies and emergency first responders allegedly stolen from Verizon, and a SIM-swapping service targeting Verizon’s push-to-talk (PTT) customers.
Kiberphant0m also boasted on Telegram about hacking more than 15 telecom providers, including AT&T and Verizon, and about maintaining a distributed denial-of-service (DDoS) botnet.
A December 20 indictment (PDF) alleges that, in early November, Wagenius was involved in the sale and transmission of confidential phone records information, but provides no further details on the suspect’s identity or on his connection to the Snowflake attacks.
According to Krebs, however, Wagenius’ mother has confirmed his involvement in cybercriminal activities, while Moucka previously revealed that he had outsourced the sale of data stolen from Snowflake customers to Kiberphant0m.
To date, three arrests were made in connection to the Snowflake attacks. In addition to Moucka and Wagenius, authorities arrested John Erin Binns, who previously took credit for hacking T-Mobile in 2021, and who is currently held in prison in Turkey.
Related: LockBit Ransomware Developer Arrested in Israel at Request of US
Related: Rydox Cybercrime Marketplace Disrupted, Administrators Arrested
Related: Another NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US
Related: Seattle Woman Gets Probation for Massive Capital One Hack