In a significant development for cybersecurity, a former US Army soldier has admitted to his role in one of the largest telecommunications data breaches in recent history, affecting over 100 million customers of major carriers AT&T and Verizon.
The Guilty Plea
Cameron John Wagenius, a 20-year-old former US Army communications specialist stationed in Texas, has pleaded guilty to two counts of unlawful transfer of confidential phone records information. The charges carry serious consequences, with each count potentially resulting in up to 10 years in prison and fines of up to USD 250,000.
- Criminal Charges:
- Maximum fine per count: USD 250,000
- Maximum prison sentence per count: 10 years
- Extortion proceeds: 36 bitcoin (USD 2.5 million)
The Scope of the Breach
The breach's impact was staggering, with AT&T reporting that hackers gained access to nearly all of their customers' phone records during a six-month period in 2022. The compromised data included detailed call and text histories, affecting more than 110 million customers who had to be notified of the breach. Verizon also suffered significant losses of customer call logs in the attack.
- Breach Impact:
- Number of affected customers: 110+ million
- Duration of breach: 6 months (2022)
- Number of companies affected through Snowflake: 160+
The Snowflake Connection
The breaches were linked to a larger cybersecurity incident involving Snowflake, a cloud services and data analytics provider. The attackers exploited unprotected accounts to access data from over 160 companies, including prominent names like Ticketmaster and LendingTree. The stolen information ranged from social security numbers and driver's licenses to passport details and banking information.
The Criminal Network
Wagenius, who operated under the alias Kiberphant0m, worked alongside two other alleged perpetrators: Connor Moucka and John Binns. The group conducted an extensive extortion campaign from November 2023 to October 2024, successfully extracting payments of 36 bitcoin (valued at USD 2.5 million at the time) from three victims. Notably, Wagenius attempted to extort AT&T and even claimed to possess call logs of high-profile individuals, including President Donald Trump and Vice President Kamala Harris.
The Investigation and Arrests
While Moucka and Binns were more open about their involvement, even communicating with media outlets prior to their arrests, Wagenius maintained a lower profile. However, his poor operational security led to his identification through forum posts and online activities, as noted by security researchers including Brian Krebs. The case represents a significant victory for law enforcement in combating cybercrime targeting critical telecommunications infrastructure.