In a court motion filed on Wednesday, prosecutors revealed that a U.S. military officer who recently confessed to leaking phone records of high-ranking U.S. officials had searched the internet for countries where extradition is not enforced, as well as sought an answer to the question “can hacking be treason?” The authorities plan to keep him in custody until his military discharge.
One of Cameron Wagenius’s selfies from his Facebook profile.
Cameron John Wagenius, aged 21, was apprehended near Fort Cavazos in Texas on December 20 and accused of two illegal transfers of confidential phone records. Wagenius, a communications specialist stationed at a U.S. base in South Korea, operated under the alias Kiberphant0m and was part of a group of cybercriminals who extorted multiple firms last year using stolen data.
In late 2023, malicious actors discovered that several firms had stored sensitive customer data in Snowflake, a cloud service without robust security measures. Exploiting stolen credentials from dark web markets, the hackers infiltrated data repositories of major organizations.
One of the affected entities was AT&T, which reported that hackers had compromised personal details and phone records of around 110 million individuals—almost all of its clientele. AT&T allegedly paid a ransom of $370,000 to prevent the leak of phone records. Over 160 other companies, including TicketMaster, Lending Tree, Advance Auto Parts, and Neiman Marcus, also suffered data breaches via Snowflake.
In November, Kiberphant0m shared some of the stolen phone records on an underground cyber forum and threatened to disclose all unless a ransom was paid. Prosecutors mentioned that besides the public threats, Wagenius attempted to blackmail “Victim-1,” believed to be AT&T, privately demanding $500,000 in exchange for not exposing the data.
On February 19, Wagenius pleaded guilty to two charges of unlawfully transferring phone records without a plea bargain. Despite his attorneys’ plea for him to stay with his father until sentencing, prosecutors in Seattle argued that he posed a flight risk.
According to a recent court filing (PDF), investigators found that Wagenius had searched for information on fleeing to non-extradition countries even before his arrest. While extorting AT&T, he made searches such as:
-“what countries don’t extradite U.S. military personnel”
-“U.S. army defection to Russia”
-“Russian Embassy Washington, D.C.”
The government memo stated, “The charged offenses may only be the tip of the iceberg concerning Wagenius’ illegal activities.” It mentioned that in November 2024, Wagenius corresponded with an email believed to be from a foreign military intelligence service to sell stolen data. Afterward, he queried “can hacking be considered treason.”
Investigators also discovered on Wagenius’ device a screenshot indicating possession of over 17,000 identity-related files and a false ID with his photo on one of his online accounts.
Prosecutors asserted, “Wagenius must be detained due to the risk of fleeing, his ability and intention to escape, and the likelihood of further charges being pressed against him.”
The filing mentioned that Wagenius is awaiting discharge from the Army, with specific arrangements for his release currently pending.
Wagenius’s desire to flee prosecution echoes that of another suspect, John Erin Binns, a 25-year-old American indicted by the Justice Department for his involvement in a 2021 T-Mobile breach. Binns faces charges related to the Snowflake attack and extortion schemes and is currently detained in Turkey, reportedly after inquiring about Russian citizenship at the Russian embassy.
In late 2024, Canadian authorities apprehended Connor Riley Moucka, a 25-year-old from Kitchener, Ontario, linked to the extortion conspiracy. Moucka and Binns have been indicted by the U.S. government for multiple charges including wire fraud, computer fraud, and identity theft.
Prior to Wagenius’s arrest, KrebsOnSecurity analyzed Kiberphant0m’s online profiles, where he impersonated an Army officer stationed in South Korea.
If found guilty, Wagenius could face a maximum sentence of ten years in prison per count, with fines not exceeding $250,000.
About Author
