A U.S. Army soldier has been arrested in connection with alleged unauthorized access and transfer of confidential phone records from major telecommunications companies. Cameron John Wagenius, 20, was taken into custody on December 20, 2024, near Fort Hood, Texas, facing two criminal counts related to the unlawful transfer of confidential phone records. The arrest marks the latest in a series of high-profile telecommunications security breaches affecting major carriers.
Wagenius, who previously served as a communications specialist in South Korea, is suspected of operating under the alias “Kiberphant0m.” The alleged cybercriminal claimed responsibility for breaching at least 15 telecommunications companies, including AT&T and Verizon, and subsequently selling and leaking sensitive customer call records. The incident continues a concerning pattern of security breaches at AT&T that have resulted in significant financial losses and privacy violations.
The investigation revealed connections between Wagenius and Connor Riley Moucka, known online as “Judische,” who was arrested in Canada in October for his involvement in cybercrimes targeting companies using the Snowflake cloud service. The connection was confirmed by Wagenius’s mother, Alicia Roen.
In November, following Moucka’s arrest, the individual known as Kiberphant0m posted what they claimed were AT&T call logs belonging to President-elect Donald J. Trump and Vice President Kamala Harris on the hacking forum BreachForums. The post included demands directed at AT&T, threatening to leak additional presidential government call logs.
The cybercriminal’s activities extended to offering unauthorized access to Verizon’s push-to-talk service records, primarily affecting U.S. government agencies and emergency first responders. They also advertised a “SIM-swapping” service targeting Verizon PTT customers. SIM swapping has become an increasingly prevalent form of attack, with the FBI reporting that such schemes cost victims $48 million in 2023 alone.
“Anonymously extorting the President and VP as a member of the military is a bad idea, but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals,” said Allison Nixon, chief research officer at Unit 221B, who played a key role in identifying Kiberphant0m’s real identity.
Federal prosecutors have requested Wagenius’s extradition to Washington state. The case connects to a broader investigation involving three suspects in the Snowflake data storage breaches, including Wagenius, Moucka, and John Erin Binns, an American residing in Turkey. The investigation comes amid increased efforts by federal agencies to strengthen mobile security protocols and protect sensitive communications infrastructure.
Sources: KrebsOnSecurity, Slashdot, The Register, SecurityWeek
Follow Us