US Army Soldier Arrested Over Alleged Role in AT&T, Verizon Hacking Scandal
In a surprising and troubling case, a 20-year-old U.S. Army soldier has been charged with playing a key role in a cybercrime operation that targeted major telecom giants like AT&T and Verizon. Cameron John Wagenius, arrested on December 20 at Fort Hood, Texas, allegedly leaked confidential phone records, including those tied to high-profile government officials.
This arrest is part of an ongoing investigation into a sprawling cybercrime campaign linked to the hacking group responsible for the infamous Snowflake attacks.
Table of Contents
Unmasking “Kiberphant0m”: The Cybercriminal Persona
Wagenius, a communications specialist who previously served in South Korea, is suspected of operating under the alias Kiberphant0m. Using this online moniker, he allegedly infiltrated telecom systems to steal sensitive data. Reports indicate that the stolen information included:
- Call logs for former President Donald Trump and Vice President Kamala Harris.
- Records from U.S. government agencies and emergency first responders.
- Data purportedly linked to the National Security Agency (NSA).
- A SIM-swapping service targeting Verizon’s push-to-talk (PTT) customers.
In addition to these activities, Kiberphant0m claimed responsibility for hacking more than 15 telecom providers and boasted about running a distributed denial-of-service (DDoS) botnet.
Links to the Snowflake Hacking Campaign
The arrest follows a report by investigative journalist Brian Krebs, who previously hinted at a U.S. soldier's involvement in the Snowflake hacking campaign. This campaign compromised hundreds of organizations, including major corporations like Anheuser-Busch, Allstate, and Mitsubishi.
Krebs identified Wagenius as a key associate of Connor Riley Moucka, a Canadian hacker arrested in October. Moucka, also known as "Judische," allegedly collaborated with Wagenius to sell data stolen from Snowflake victims.
In a chilling development, shortly after Moucka's arrest, Kiberphant0m escalated his activities by leaking sensitive call logs and offering stolen data for sale on cybercriminal platforms such as BreachForums.
An Arrest That May Not Be the Last
Wagenius is now the third individual arrested in connection with the Snowflake attacks. Authorities previously detained Moucka and John Erin Binns, a hacker linked to the 2021 T-Mobile breach. Binns is currently in custody in Turkey.
A December 20 indictment accuses Wagenius of selling and transmitting confidential phone records but offers limited details on his alleged role in the Snowflake campaign. However, additional evidence, including statements from Wagenius’ own mother, appears to corroborate his involvement in cybercrime activities.
A Growing Threat
The arrest highlights the alarming rise of insider threats and the vulnerabilities of critical communication networks. With hackers increasingly targeting telecom providers to access confidential data, the fallout from such breaches extends far beyond financial losses. The exposure of high-level government officials’ call logs poses serious national security risks.
While authorities have taken decisive action in apprehending key suspects, the scope of the Snowflake attacks underscores the need for heightened cybersecurity measures, particularly within sectors handling sensitive communications.
Final Thoughts
The arrest of Cameron John Wagenius sends a strong message about the consequences of engaging in cybercrime. However, it also serves as a sobering reminder of the ongoing battle against increasingly sophisticated hacking operations. With multiple arrests linked to the Snowflake campaign, law enforcement agencies are making strides, but the broader fight to secure digital systems and protect sensitive data is far from over.
Cybercriminals may think they are untouchable, but as this case shows, they are being brought to justice—one step at a time.