Federal prosecutors have filed a detention memorandum urging the court to indefinitely detain Cameron John Wagenius, a 21-year-old active-duty U.S. Army soldier stationed at Fort Cavazos, Texas, following his alleged involvement in a multi-state cybercrime campaign targeting at least 15 telecommunications providers.
The charges, unsealed ahead of a March 3 detention hearing, reveal a sprawling operation involving data theft, extortion attempts, and communications with foreign intelligence services.
The Charges and Extortion Scheme
Wagenius faces federal charges under 18 U.S.C. § 1039 for allegedly stealing and attempting to sell call detail records (CDRs) belonging to high-ranking government officials and their families.
According to court documents, he used the aliases kiberphant0m and cyb3rph4nt0m to post samples of stolen data on cybercrime forums in November 2024, threatening to release “literally all of it” unless a major telecom provider paid a $500,000 ransom.
The indictment alleges Wagenius enriched raw CDRs with personally identifiable information (PII), violating privacy protections Congress established specifically to shield victims of domestic violence, law enforcement personnel, and public figures.
Prosecutors note the stolen records included geolocation data and contact frequency metrics that could compromise national security if disseminated.
Ties to Foreign Intelligence and Attempted Defection
Investigators uncovered evidence suggesting Wagenius attempted to monetize stolen data beyond public extortion.
For two weeks in November 2024, he allegedly negotiated via email with an entity he believed to be Country-1’s military intelligence service, offering exclusive access to telecom datasets.
Subsequent Google searches on his devices included queries about whether “hacking can be treason” and instructions to “defect[] to Russia”.
His search history from October 2024 paints a portrait of premeditated flight risk:
- “where can i defect the u.s government military which country will not hand me over”
- “Embassy of Russia – Washington, D.C.”
- “how to get passport fast”
In encrypted chats, Wagenius allegedly boasted to a co-conspirator that military jurisdiction would buy him time to “go AWOL” if authorities discovered his activities.
Post-Arrest Misconduct and Technical Capabilities
Even after his December 2024 arrest, Wagenius reportedly violated direct orders from commanding officers by purchasing a new laptop and using VPN software to mask his online activity.
Army investigators seized the device, which contained evidence of continued data access through cloud storage platforms.
Prosecutors warn he retains “gigabytes of sensitive victim information” not yet recovered by law enforcement, including a cache of 17,000 stolen identity documents such as passports and driver’s licenses.
The case has alarmed cybersecurity experts due to Wagenius’ security clearance and military status.
“When someone with access to military networks starts funneling data to adversarial states, it blurs the line between cybercrime and espionage,” said Dr. Elena Torres of the Center for Strategic Cyber Studies.
“The depth of his access—and his apparent disregard for operational security—makes this a worst-case scenario”.
In their filing, prosecutors emphasized Wagenius’ technical aptitude and repeated defiance of authority as justification for detention:
- Flight Risk: Possession of fake ID materials, cryptocurrency holdings, and detailed defection plans
- Danger to Community: Demonstrated ability to weaponize sensitive datasets despite military supervision
- Non-Compliance: Violation of post-arrest restrictions within 48 hours of enforcement
The government rejected defense proposals for house arrest, noting his December 2024 laptop purchase occurred while under Army monitoring at Fort Cavazos.
“No combination of conditions can mitigate these risks,” the memorandum concludes.
Authorities confirm parallel probes into potential co-conspirators and foreign contacts, including a related case (United States v. Connor Riley Moucka and John Erin Binns) involving overlapping victims.
With Wagenius’ military discharge pending, the case tests jurisdictional boundaries between civilian and military justice systems.
As of publication, the defendant remains in custody awaiting his plea hearing.
The case underscores growing concerns about insider threats within defense infrastructure and the vulnerability of telecom networks to privileged actors.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
