A soldier in the U.S. Army has been taken into custody, suspected of extorting funds from AT&T and Verizon after significant data breaches that compromised a vast amount of customer information.
The 20-year-old was apprehended near Fort Hood, Texas, on suspicion of being the cybercriminal dubbed Kiberphant0m, and his mother's remarks may not bode well for his situation.
The indictment does not mention specific incidents, but Krebs on Security connects the arrest to hacks involving AT&T and Verizon, largely due to comments made by the accused’s mother.
Federal authorities have captured and indicted a 20-year-old U.S. Army soldier on charges of being Kiberphant0m, a cybercriminal selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon […]
Cameron John Wagenius, 20, was detained […] on December 20, after facing two criminal charges for unlawfully transferring confidential phone records.
The brief, two-page indictment (PDF) does not name specific victims or hacking incidents, nor does it provide any personal information about the accused. However, a conversation with Wagenius’ mother—Alicia Roen, a Minnesota native—helped clarify the situation.
Roen mentioned that before her son’s arrest, he admitted to being connected with Connor Riley Moucka, known as “Judische,” a notorious cybercriminal from Canada who was apprehended in late October for stealing data from and extorting numerous companies using the cloud service Snowflake.
Moucka was captured in November and has been charged with 20 counts. Reports suggest that while Moucka was the principal hacker, Wagenius's role was to obtain financial gain from the data.
Enormous AT&T Data Breach
One of the ransom requests seems to be tied to a massive data breach at AT&T, where personal information for nearly every customer was compromised.
In a staggering lapse of security, the stolen information encompasses not only customer phone numbers but also records of individual communications—a potential privacy disaster […]
Compounding the issue, hackers also managed to acquire cell site identification numbers for certain calls and texts, which can place a customer's location to within approximately 300 feet in some areas.
Subsequently, it was revealed that AT&T paid a ransom of $373k in Bitcoin to retrieve the data.
The company stated that the data originated from a third-party cloud platform, which is now thought to be Snowflake—where sensitive data from various companies, including personal information of 560 million TicketMaster customers, was also compromised.
Wired provided evidence that AT&T indeed paid a ransom to the hacker in exchange for the data’s deletion. The hacker’s original demand was $1 million in Bitcoin, but the final amount settled on was $373k.
Verizon Call Logs
The other ransom request seems to relate to Verizon call logs.
On November 5, Kiberphant0m offered call logs stolen from Verizon’s push-to-talk (PTT) clients—primarily U.S. government agencies and emergency first responders. On November 9, Kiberphant0m advertised a sales thread on BreachForums offering a “SIM-swapping” service targeting Verizon PTT clients. A SIM-swap allows fraudsters to leverage credentials that were phished or stolen from mobile phone provider employees to reroute a target’s calls and texts to a device they control.
The charges against Wagenius have been moved to the Western District of Washington in Seattle.