Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Arrests Army Soldier Over AT&T, Verizon Hacking

US soldier Cameron John Wagenius was arrested and charged over his suspected connection to presidential phone records leaks.

Snowflake hacker arrested

A US Army soldier suspected of leaking presidential call logs was reportedly arrested in Texas on December 20, after being charged on two counts of unlawful transfer of confidential phone records.

The suspect, Cameron John Wagenius, 20, was arrested in Fort Hood, Texas, under the suspicion of being a cybercriminal who, using the online moniker of Kiberphant0m, had been offering and leaking call records stolen from telecommunication providers AT&T and Verizon.

The arrest came roughly one month after investigative journalist Brian Krebs revealed that a US soldier could be involved in the Snowflake hacking campaign that impacted hundreds of organizations, including Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, Santander Bank, State Farm, and Ticketmaster.

In a new report, Krebs reveals that Wagenius, a communications specialist who was at one point stationed in South Korea, is likely Kiberphant0m, and that he is associated with Connor Riley Moucka, also known as Judische, a Canadian national arrested in late October in connection to the Snowflake account hacking.

Shortly after Moucka was arrested, Kiberphant0m – in an effort to extort AT&T – published on the cybercriminal portal BreachForums what appeared to be stolen call logs for President Donald Trump and for Vice President Kamala Harris.

He also offered an alleged “data schema” from the National Security Agency, call logs for US government agencies and emergency first responders allegedly stolen from Verizon, and a SIM-swapping service targeting Verizon’s push-to-talk (PTT) customers.

Kiberphant0m also boasted on Telegram about hacking more than 15 telecom providers, including AT&T and Verizon, and about maintaining a distributed denial-of-service (DDoS) botnet.

A December 20 indictment (PDF) alleges that, in early November, Wagenius was involved in the sale and transmission of confidential phone records information, but provides no further details on the suspect’s identity or on his connection to the Snowflake attacks.

Advertisement. Scroll to continue reading.

According to Krebs, however, Wagenius’ mother has confirmed his involvement in cybercriminal activities, while Moucka previously revealed that he had outsourced the sale of data stolen from Snowflake customers to Kiberphant0m.

To date, three arrests were made in connection to the Snowflake attacks. In addition to Moucka and Wagenius, authorities arrested John Erin Binns, who previously took credit for hacking T-Mobile in 2021, and who is currently held in prison in Turkey.

Related: LockBit Ransomware Developer Arrested in Israel at Request of US

Related: Rydox Cybercrime Marketplace Disrupted, Administrators Arrested

Related: Another NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US

Related: Seattle Woman Gets Probation for Massive Capital One Hack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.