On Monday (December 30), the US federal authorities publicly released an indictment accusing an Army soldier of selling and attempting to sell stolen confidential phone records.
According to Reuters, Cameron John Wagenius was arrested on December 20 and charged with two counts of illegal transfer of confidential phone record information in the Western District Court of Waco, Texas. Court records did not disclose his rank or place of service. A US Army public affairs officer was also unable to immediately provide these details.
Per court documents, a Texas magistrate judge has ordered Wagenius to be sent to Seattle, the office location of the federal prosecutor handling the case. According to an indictment dated October 10, that office is dealing with the prosecution of Connor Moucka and John Binns, who are accused of being involved in a series of data leakage incidents related to “billions of sensitive customer service records”, text message history, bank and financial information, driver’s license numbers, passport numbers, social security numbers, and other personal information.
Allison Nixon, Chief Research Officer of the cybersecurity company Unit 221B, told Reuters that after Moucka’s hacker group “threatened us out of the blue,” she and an anonymous colleague identified Wagenius’ true identity. She stated that Wagenius is a member of that group.
“The response time of the law enforcement was the fastest I’ve seen in my entire career, it’s truly incredible,” Nixon said.
According to Reuters, Wagenius’ lawyer could not be immediately reached for comment. The Department of Justice and the Federal Bureau of Investigation (FBI) did not immediately respond to requests for comments on Tuesday (December 31).
As reported by the renowned security blog “KrebsOnSecurity,” the 20-year-old Wagenius is suspected to be the same person as the cybercriminal known as “Kiberphant0m”. “Kiberphant0m” has been selling and leaking sensitive customer call logs stolen earlier this year from AT&T and Verizon. As reported first by “KrebsOnSecurity” last month, the defendant is a recent communication expert stationed in South Korea.
“KrebsOnSecurity” mentioned that the indictment did not specify specific victims or hacking activities, nor did it include any detailed personal information about the defendant. Following Moucka’s arrest, “Kiberphant0m” promptly posted what they claimed to be AT&T call logs of Trump and call logs of Vice President Harris on the hacker community BreachForums.
Wagenius’ mother, Alicia Roen, told “KrebsOnSecurity” that before her son’s arrest, he had admitted to being associated with Moucka.
Roen stated that for the past two years, Wagenius had been working on radio signals and network communications at a military base in South Korea, regularly returning to the US. She mentioned that her son was skilled with computers, but she had never imagined he could be involved in criminal hacking activities.
“I never knew he was involved in hacking operations,” Roen said. “I was truly shocked when we found out about these things.”