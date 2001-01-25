U.S. Army Soldier Arrested in AT&T, Verizon Extortions:
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.
Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records.
The sparse, two-page indictment (PDF) doesn't reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius' mother — Minnesota native Alicia Roen — filled in the gaps.
Roen said that prior to her son's arrest he'd acknowledged being associated with Connor Riley Moucka, a.k.a. "Judische," a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake.
In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he'd stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.
On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphant0m indicating he was a U.S. Army soldier stationed in South Korea.
[...] The profile photo on Wagenius' Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier. Still, many of his original profile photos remain, including several that show Wagenius in uniform while holding various Army-issued weapons.
November's story on Kiberphant0m cited his own Telegram messages saying he maintained a large botnet that was used for distributed denial-of-service (DDoS) attacks to knock websites, users and networks offline. In 2023, Kiberphant0m sold remote access credentials for a major U.S. defense contractor.
Allison Nixon, chief research officer at the New York-based cybersecurity firm Unit 221B, helped track down Kiberphant0m's real-life identity. Nixon was among several security researchers who faced harassment and specific threats of violence from Judische and his associates.
"Anonymously extorting the President and VP as a member of the military is a bad idea, but it's an even worse idea to harass people who specialize in de-anonymizing cybercriminals," Nixon told KrebsOnSecurity. She said the investigation into Kiberphant0m shows that law enforcement is getting better and faster at going after cybercriminals — especially those who are actually living in the United States.
"Between when we, and an anonymous colleague, found his opsec mistake on November 10th to his last Telegram activity on December 6, law enforcement set the speed record for the fastest turnaround time for an American federal cyber case that I have witnessed in my career," she said.
Nixon asked to share a message for all the other Kiberphant0ms out there who think they can't be found and arrested.
"I know that young people involved in cybercrime will read these articles," Nixon said. "You need to stop doing stupid shit and get a lawyer. Law enforcement wants to put all of you in prison for a long time."
Related: Cybercriminal Unmasked After Threatening Owner of Cybersecurity Firm
Accused hacker unmasked after threatening woman online:
When the accused Kitchener-based hacker known online as "Waifu" threatened a woman on the messaging app Telegram, it was the beginning of his downfall.
"Waifu" had been bragging about his criminal exploits in open groups on Telegram. But when he threatened Allison Nixon, the chief research officer at the U.S. cybersecurity firm Unit 221B, his days were numbered.
Nixon is the co-owner of the U.S.-based cybersecurity firm named after the home address of the fictional detective Sherlock Holmes, and when she saw the violent threats against her, Nixon tasked one of her researchers to uncover his real identity.
After "Waifu" made a critical mistake in what cybersecurity types call "operational security," a member of Nixon's team was able to follow the digital bread crumbs on the internet, the dark web and messaging apps to reveal his real identity.
[...] "We put some time into that this year, and we are basically half of the reason he got identified," said Nixon during a telephone interview. "We have had that name for months; we have been waiting for the arrest."
A Washington court issued an arrest warrant for Connor Riley Moucka, 25, for conspiracy, computer fraud and abuse, extortion in relation to computer fraud and aggravated identity theft.
[...] Moucka is alleged to be the mastermind behind the Snowflake hack — one of the biggest data breaches in history.
[...] In the more than 10 years Nixon has spent identifying cybercriminals, the man known as "Waifu" stands out for the jaw-dropping stupidity that brought the police to the quiet residential street in Kitchener where he lived in his grandfather's house.
[...] In response, "Waifu" started writing Telegram posts full of false and misleading information under different names. But he was also bragging about his crimes, and then he started attacking Nixon.
"All this accomplished was to draw a tonne of attention from a bunch of people he should never have attracted attention from," said Nixon.
[...] "The whole situation is so ironic for this Moucka person," said Nixon.
He repeatedly threatened her and her company on Telegram, even though they were not working on the Snowflake hack at the time.
"Why would he target a company that is not working on his case and specializes in identifying cybercriminals?" said Nixon. "It is just the stupidest thing ever."