TL;DR: A US Army soldier arrested in December for leaking the private call logs of then-President-elect Donald Trump and Vice President Kamala Harris has pleaded guilty to stealing phone records from at least two major US carriers. He faces up to 20 years in jail if convicted.
According to a filing in a federal court in Seattle, Cameron John Wagenius, a 20-year-old communications specialist stationed in South Korea, pleaded guilty to two counts of unlawfully transferring confidential phone records. The filing by Wagenius’ lawyer also revealed that the suspect faces up to 10 years in jail for each of the two counts of data leak and a fine of up to $250,000.
Wagenius was arrested near Fort Cavazos, Texas, on December 20 for attempting to sell stolen telecom data from AT&T and Verizon on the dark web. Following his arrest, federal authorities indicted him for “unlawful transfer of confidential phone records information.” The indictment was filed in the US District Court for the Western District of Texas in Waco, but it did not reveal the victims’ names and other details.
Krebs on Security revealed more information about Wagenius, including his status as a US soldier. The report also identified him as the notorious cybercriminal who operated on the dark web under the alias ‘Kiberphant0m.’
According to investigators, Kiberphant0m had warned AT&T that he would release customers’ call logs unless somebody from the company got in touch with him soon. To show he was serious, he released a sample of the stolen data. He also reportedly threatened to leak classified US government call records, including presidential call logs, if his demands were not met.
Wagenius’ actions are believed to be related to the hacking of cloud computing services company Snowflake, for which the feds indicted Alexander Connor Moucka and John Binns. The two are alleged to have netted around $2 million from the heist. According to US attorney Tessa Gorman, both the AT&T and Verizon hacks are part of the “same computer intrusion and extortion and include some of the same stolen victim information.”
In July 2024, AT&T announced that hackers were able to access its customer call and text records from 2022 through Snowflake. Fortunately for the victims, the data did not include social security numbers, but it was still a massive violation of privacy for many subscribers.
Along with AT&T and Verizon, the Snowflake breaches resulted in hackers gaining access to personal data from around 160 companies, including LendingTree, Santander Bank, Ticketmaster, and more. Customers of Indian state-owned telecom firm BSNL are believed to have also been affected.
