Federal authorities have arrested and indicted a 20-year-old U.S. Military soldier on suspicion of being Kiberphant0m, a cybercriminal who has been promoting and leaking delicate buyer name data stolen earlier this 12 months from AT&T and Verizon. As first reported by KrebsOnSecurity final month, the accused is a communications specialist who was just lately stationed in South Korea.
Certainly one of a number of selfies on the Fb web page of Cameron Wagenius.
Cameron John Wagenius, 20, was arrested close to the Military base in Fort Hood, Texas on Dec. 20, after being indicted on two legal counts of illegal switch of confidential telephone data.
The sparse, two-page indictment (PDF) doesn’t reference particular victims or hacking exercise, nor does it embody any private particulars in regards to the accused. However a dialog with Wagenius’ mom — Minnesota native Alicia Roen — stuffed within the gaps.
Roen mentioned that previous to her son’s arrest he’d acknowledged being related to Connor Riley Moucka, a.ok.a. “Judische,” a prolific cybercriminal from Canada who was arrested in late October for stealing knowledge from and extorting dozens of firms that saved knowledge on the cloud service Snowflake.
In an interview with KrebsOnSecurity, Judische mentioned he had no real interest in promoting the information he’d stolen from Snowflake prospects and telecom suppliers, and that he most well-liked to outsource that to Kiberphant0m and others. In the meantime, Kiberphant0m claimed in posts on Telegram that he was answerable for hacking into no less than 15 telecommunications corporations, together with AT&T and Verizon.
On November 26, KrebsOnSecurity revealed a narrative that adopted a path of clues left behind by Kiberphantom indicating he was a U.S. Military soldier stationed in South Korea.
An 18-year-old Cameron Wagenius, becoming a member of the U.S. Military.
Ms. Roen mentioned Cameron labored on radio indicators and community communications at an Military base in South Korea for the previous two years, returning to the USA periodically. She mentioned Cameron was all the time good with computer systems, however that she had no thought he may need been concerned in legal hacking.
“I by no means was conscious he was into hacking,” Roen mentioned. “It was positively a shock to me after we discovered these items out.”
Ms. Roen mentioned Cameron joined the Military as quickly as he was of age, following in his older brother’s footsteps.
“He and his brother once they had been like 6 and seven years outdated would ask for MREs from different international locations,” she recalled, referring to military-issued “meals able to eat” meals rations. “They each all the time wished to be within the Military. I’m undecided the place issues went mistaken.”
Instantly after information broke of Moucka’s arrest, Kiberphant0m posted on the hacker group BreachForums what they claimed had been the AT&T name logs for President-elect Donald J. Trump and for Vice President Kamala Harris.
“Within the occasion you don’t attain out to us @ATNT all presidential authorities name logs will probably be leaked,” Kiberphant0m threatened, signing their publish with a number of “#FREEWAIFU” tags. “You don’t suppose we don’t have plans within the occasion of an arrest? Suppose once more.”
Kiberphant0m posting what he claimed was a “knowledge schema” stolen from the NSA through AT&T.
On that very same day, Kiberphant0m posted what they claimed was the “knowledge schema” from the U.S. Nationwide Safety Company.
On Nov. 5, Kiberphant0m supplied name logs stolen from Verizon’s push-to-talk (PTT) prospects — primarily U.S. authorities businesses and emergency first responders. On Nov. 9, Kiberphant0m posted a gross sales thread on BreachForums providing a “SIM-swapping” service concentrating on Verizon PTT prospects. In a SIM-swap, fraudsters use credentials which are phished or stolen from cell phone firm staff to divert a goal’s telephone calls and textual content messages to a tool they management.
The profile photograph on Wagenius’ Fb web page was deleted inside hours of my Nov. 26 story figuring out Kiberphant0m as a probable U.S. Military soldier. Nonetheless, lots of his unique profile photographs stay, together with a number of that present Wagenius in uniform whereas holding numerous Military-issued weapons.
A number of profile photographs seen on the Fb web page of Cameron Wagenius.
November’s story on Kiberphant0m cited his personal Telegram messages saying he maintained a big botnet that was used for distributed denial-of-service (DDoS) assaults to knock web sites, customers and networks offline. In 2023, Kiberphant0m bought distant entry credentials for a significant U.S. protection contractor.
Allison Nixon is chief analysis officer on the New York-based cybersecurity agency Unit 221B who helped observe down Kiberphant0m’s actual life id. Nixon was amongst a number of safety researchers who confronted harassment and particular threats of violence from Judische and his associates.
“Anonymously extorting the President and VP as a member of the navy is a nasty thought, nevertheless it’s an excellent worse thought to harass individuals who specialise in de-anonymizing cybercriminals,” Nixon informed KrebsOnSecurity. She mentioned the investigation into Kiberphant0m exhibits that regulation enforcement is getting higher and quicker at going after cybercriminals — particularly those that are literally dwelling in the USA.
“Between after we, and an nameless colleague, discovered his opsec mistake on November tenth to his final Telegram exercise on December 6, regulation enforcement set the pace file for the quickest turnaround time for an American federal cyber case that I’ve witnessed in my profession,” she mentioned.
Nixon requested to share a message for all the opposite Kiberphant0ms on the market who suppose they’ll’t be discovered and arrested.
“I do know that younger individuals concerned in cybercrime will learn these articles,” Nixon mentioned. “You’ll want to cease doing silly shit and get a lawyer. Regulation enforcement needs to place all of you in jail for a very long time.”
The indictment in opposition to Wagenius was filed in Texas, however the case has been transferred to the U.S. District Courtroom for the Western District of Washington in Seattle.
