A 20-year-old U.S. Army soldier has been indicted on two criminal counts related to the unlawful transfer of confidential phone records from major telecommunications carriers. Cameron John Wagenius, who was arrested on December 20, 2024, near Fort Hood, Texas, is alleged to be the cybercriminal known as “Kiberphant0m.” The case represents the latest in a series of high-profile telecom security breaches that have highlighted vulnerabilities in carrier authentication systems.
The charges stem from the theft and sale of sensitive customer call records from AT&T and Verizon. The stolen data included customer phone numbers, call records, and cell site identification numbers, which can potentially reveal customer locations within approximately 300 feet in certain areas. The precise location tracking capability has raised particular concerns among privacy advocates and security experts, as it exceeds typical cellular tracking capabilities.
Federal investigators connected Wagenius to Connor Riley Moucka, also known as “Judische,” a Canadian cybercriminal arrested in October for data theft and extortion involving multiple companies storing data on the Snowflake cloud platform. According to chat logs analyzed during the investigation, Kiberphant0m was identified as a U.S. soldier stationed in South Korea. The international nature of this collaboration demonstrates the growing complexity of cybersecurity threats facing telecommunications providers.
The investigation revealed that the perpetrator posted on BreachForums claiming to possess AT&T call logs for President-elect Donald J. Trump and Vice President Kamala Harris, accompanied by threats to release presidential government call logs. AT&T reportedly paid $373,000 in Bitcoin following a data breach that affected nearly their entire customer base. The company stated that the data was accessed through a third-party cloud platform, similar to vulnerabilities identified by the NSA and CISA in their recent guidelines for cloud security.
Allison Nixon, chief research officer at Unit 221B, a New York-based cybersecurity firm, assisted in identifying Kiberphant0m’s real identity. Nixon noted that law enforcement agencies are becoming more efficient at apprehending cybercriminals operating within the United States. The improved efficiency comes as telecommunications providers have been implementing enhanced security measures, including new authentication solutions and identity verification systems.
The case highlights the increasing intersection between cybercrime and telecommunications security, particularly involving major carriers and cloud service providers. The investigation remains ongoing as authorities continue to examine the full scope of the data breaches and their impact. The incident has prompted renewed discussions about the need for stronger security protocols in telecommunications infrastructure, especially regarding third-party access to sensitive customer data.
Sources: KrebsOnSecurity, 9to5Mac, Buffalo Police Benevolent Association
Follow Us