Thursday, January 23, 2025
HomeCyber Security NewsUS Army Soldier Arrested for Allegedly Selling Customer Call Records From AT&T...

US Army Soldier Arrested for Allegedly Selling Customer Call Records From AT&T & Verizon

Published on

SIEM as a Service

Follow Us on Google News

A 20-year-old U.S. Army soldier, Cameron John Wagenius, has been arrested and indicted by federal authorities for allegedly selling confidential customer call records stolen from major telecommunications companies AT&T and Verizon.

Known online as “Kiberphant0m,” Wagenius was apprehended near an Army base in Fort Hood, Texas, on December 20. He faces two criminal counts of unlawfully transferring sensitive phone records.

One of several selfies on the Facebook page of Cameron Wagenius.
One of several selfies on the Facebook page of Cameron Wagenius.

Cybercrime Allegations and Shocking Ties

Wagenius, who served as a communications specialist in the U.S. Army and was recently stationed in South Korea, is accused of using his technical expertise to orchestrate a series of cybercrimes.

The indictment links him to the sale and leakage of sensitive data from at least 15 telecommunications companies. These records allegedly included call logs belonging to high-profile individuals, such as government officials.

According to Grebs On Security, the investigation gained traction in November 2024 after cybersecurity journalist Brian Krebs identified Wagenius as a potential suspect.

The trail of evidence, found in Telegram messages and hacker forums like BreachForums, pointed to his involvement in various criminal activities, including SIM-swapping services and distributed denial-of-service (DDoS) attacks.

Wagenius reportedly collaborated with Canadian cybercriminal Connor Riley Moucka, also known as “Judische,” who was arrested in October for extorting companies and stealing data from cloud service provider Snowflake.

Moucka had entrusted Kiberphant0m to sell stolen information, including data from AT&T and Verizon customers, as well as offering access to U.S. defense contractor systems.

After Moucka’s arrest, Kiberphant0m escalated his activities, posting AT&T call logs allegedly belonging to President-elect Donald Trump and Vice President Kamala Harris, further threatening to leak additional government call records.

Kiberphant0m posting what he claimed was a “data schema” stolen from the NSA via AT&T.
Kiberphant0m posting what he claimed was a “data schema” stolen from the NSA via AT&T.

On November 5, he offered Verizon push-to-talk (PTT) call logs — a service frequently used by U.S. government agencies and emergency responders.

In his final online activities, Kiberphant0m claimed to have stolen data from the National Security Agency (NSA) and advertised compromised credentials of a U.S. defense contractor.

Wagenius’ digital footprint, including Facebook photos showing him in uniform, further linked his real-world identity to his online persona.

Cybersecurity analyst Allison Nixon, from Unit 221B, played a key role in uncovering Wagenius’ identity.

She highlighted the unprecedented speed of law enforcement response, stating it was the fastest resolution to a U.S. federal cyber case in her experience.

Nixon also warned other young cyber criminals of the severe consequences of engaging in illegal activities.“This should serve as a wake-up call,” Nixon said. “Law enforcement is getting better and faster at unmasking cybercriminals. It’s not worth the risk.”

The case has been transferred to the U.S. District Court for the Western District of Washington in Seattle, where Wagenius will face trial.

If convicted, this case will underscore the growing sophistication of law enforcement in tackling cybercrime and the risks posed by insiders with access to sensitive systems.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...