A 20-year-old U.S. Army soldier, Cameron John Wagenius, has been arrested and indicted by federal authorities for allegedly selling confidential customer call records stolen from major telecommunications companies AT&T and Verizon.
Known online as “Kiberphant0m,” Wagenius was apprehended near an Army base in Fort Hood, Texas, on December 20. He faces two criminal counts of unlawfully transferring sensitive phone records.
Wagenius, who served as a communications specialist in the U.S. Army and was recently stationed in South Korea, is accused of using his technical expertise to orchestrate a series of cybercrimes.
The indictment links him to the sale and leakage of sensitive data from at least 15 telecommunications companies. These records allegedly included call logs belonging to high-profile individuals, such as government officials.
According to Grebs On Security, the investigation gained traction in November 2024 after cybersecurity journalist Brian Krebs identified Wagenius as a potential suspect.
The trail of evidence, found in Telegram messages and hacker forums like BreachForums, pointed to his involvement in various criminal activities, including SIM-swapping services and distributed denial-of-service (DDoS) attacks.
Wagenius reportedly collaborated with Canadian cybercriminal Connor Riley Moucka, also known as “Judische,” who was arrested in October for extorting companies and stealing data from cloud service provider Snowflake.
Moucka had entrusted Kiberphant0m to sell stolen information, including data from AT&T and Verizon customers, as well as offering access to U.S. defense contractor systems.
After Moucka’s arrest, Kiberphant0m escalated his activities, posting AT&T call logs allegedly belonging to President-elect Donald Trump and Vice President Kamala Harris, further threatening to leak additional government call records.
On November 5, he offered Verizon push-to-talk (PTT) call logs — a service frequently used by U.S. government agencies and emergency responders.
In his final online activities, Kiberphant0m claimed to have stolen data from the National Security Agency (NSA) and advertised compromised credentials of a U.S. defense contractor.
Wagenius’ digital footprint, including Facebook photos showing him in uniform, further linked his real-world identity to his online persona.
Cybersecurity analyst Allison Nixon, from Unit 221B, played a key role in uncovering Wagenius’ identity.
She highlighted the unprecedented speed of law enforcement response, stating it was the fastest resolution to a U.S. federal cyber case in her experience.
Nixon also warned other young cyber criminals of the severe consequences of engaging in illegal activities.“This should serve as a wake-up call,” Nixon said. “Law enforcement is getting better and faster at unmasking cybercriminals. It’s not worth the risk.”
The case has been transferred to the U.S. District Court for the Western District of Washington in Seattle, where Wagenius will face trial.
If convicted, this case will underscore the growing sophistication of law enforcement in tackling cybercrime and the risks posed by insiders with access to sensitive systems.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…