The U.S. Department of Justice has charged a 20-year-old U.S. Army soldier, Cameron John Wagenius, in connection with a hacking scheme to sell stolen phone records. According to an indictment, Wagenius allegedly sold “confidential phone records” through online forums and communication platforms last November. While the indictment does not specify the exact data stolen, cybersecurity journalist Brian Krebs reported that Wagenius is linked to significant breaches attributed to the alias “Kiberphant0m.”
According to a report by KrebsonSecurity, Wagenius is charged with two counts of unlawful transfer of confidential phone records information.
The indictment alleges that in November 2024, he knowingly sold stolen phone records online. While court documents do not detail the extent of the hacked material, cybersecurity sources suggest that Wagenius operated under the alias “Kiberphant0m” and was involved in hacking at least 15 telecom firms.
‘Kiberphant0m’ is also reportedly connected to the “Snowflake data breaches,” a series of cyberattacks that exposed sensitive data from multiple corporations. These breaches allegedly included the theft of remote access credentials for a U.S. defense contractor and AT&T customer call records, which reportedly included high-profile figures such as President-elect Donald Trump and Vice President Kamala Harris.
Investigations revealed that Wagenius worked on communications systems at a U.S. Army base in South Korea.
He is believed to have collaborated with Connor Riley Moucka, another hacker implicated in the Snowflake data breaches. Moucka and accomplice John Binns are accused of stealing and distributing massive volumes of data, including billions of call and text records of AT&T users.
Cybersecurity experts, including Allison Nixon of Unit 221B, played a key role in identifying Kiberphant0m’s identity. Nixon and her team faced harassment during the investigation, but their work led to the arrests of Moucka and Wagenius, effectively dismantling part of the hacking operation.
