What just happened? A US Army soldier has been arrested on suspicion that he attempted to sell stolen sensitive customer data belonging to telecommunications companies AT&T and Verizon last year. Twenty-year-old Cameron John Wagenius was arrested on December 20 and charged with two counts of unlawful transfer of confidential phone records information.
Cybersecurity journalist Brian Krebs wrote that Wagenius went by the name Kiberphant0m online. Shortly after the arrest of Connor Riley Moucka, one of the men accused of stealing sensitive customer data housed by cloud storage service Snowflake, Kiberphant0m posted on BreachForums what he claimed to be the stolen AT&T call logs for President-elect Donald Trump and for Vice President Kamala Harris. He signed the post “#FREEWAIFU.”
Kiberphant0m threatened to release all government call logs unless AT&T contacted him or someone called Reddinton, whose identity remains unknown.
“In the event you do not reach out to us @ATNT, all presidential government call logs will be leaked,” Wagenius allegedly threatened. ” You don’t think we don’t have plans in the event of an arrest? Think again.”
Kiberphant0m also posted sales threads for call logs stolen from Verizon’s push-to-talk (PTT) customers, mainly US government agencies and emergency first responders.
The Desk reports that Wagenius was detained by federal law enforcement authorities in Waco, Texas, on December 20, two days after a grand jury in Washington state indicted him on two criminal counts related to the unauthorized collection and attempted distribution of confidential phone records.
Krebs spoke with Wagenius’ mother, Alicia Roen. She said he’d acknowledged being associated with Moucka, a.k.a. “Judische,” adding that her son worked on radio signals and network communications at an Army base in South Korea for the past two years, returning to the United States periodically.
“I never was aware he was into hacking,” Roen said. “It was definitely a shock to me when we found this stuff out.”
Wagenius is not accused of targeting Snowflake directly, but investigators believe he obtained call records from either Moucka or John Binns, who was also identified as a suspect in the attack, with the direction to distribute them in online hacking forums. Binns and Moucka face 20 counts of conspiracy, computer fraud and abuse, wire fraud, and aggravated identity theft. Both men allegedly demanded ransom payments from victims before eventually selling the data.
Leave a Comment