News: 1735720328

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

US Army soldier who allegedly stole Trump's AT&T call logs arrested

(2025/01/01)


A US Army soldier has been arrested in Texas after being indicted on two counts of unlawful transfer of confidential phone records information.

While the indictment

[1]PDF

doesn't specify any hacking activity or victims' names, Cameron John Wagenius, 20, is suspected of being a cybercriminal known as Kiberphant0m, who claimed to have breached at least 15 telecommunications firms including AT&T and Verizon, according to KrebsOnSecurity.

Wagenius is allegedly an associate of [2]Connor Riley Moucka , one of the men accused of compromising multiple organizations' Snowflake-hosted environments, stealing sensitive customer data housed in the cloud storage service, and then extorting victims for millions of dollars.

[3]

Infosec journalist Brian Krebs spoke with Wagenius' mother, Alicia Roen, who said her son worked on radio signals and network communications at an Army base in South Korea.

[4]

[5]

"I never was aware he was into hacking," Roen [6]said . "It was definitely a shock to me when we found this stuff out."

On November 6, shortly after Moucka's arrest, Kiberphant0m [7]bragged on BreachForums about stealing AT&T call logs for President-elect Donald Trump and for Vice President Kamala Harris. The crook threatened to leak all of the call logs unless AT&T contacted either Kiberphant0m or Reddinton, and signed the post "#FREEWAIFU."

[8]

The identity of Reddinton remains unknown.

According to the court documents, on or about November 6, Wagenius did "knowingly and intentionally sell and transfer, and attempt to sell and transfer, confidential phone records information of a covered entity, without prior authorization from the customer to whom such confidential phone records information was obtained fraudulently."

Wagenius appeared in a Texas court on December 20, and federal prosecutors requested his extradition to Washington state, TheDesk [9]reported .

[10]Here's what we know about the suspected Snowflake data extortionists

[11]Alleged Snowflake attacker gets busted by Canadians – politely, we assume

[12]Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches

[13]Suspected LockBit dev, facing US extradition, 'did it for the money'

Wagenius' indictment and subsequent arrest bring the number of suspects in the Snowflake data storage hacks to three. In addition to Wagenius and Moucka, who lives and was arrested in Canada, John Erin Binns, an American living in Turkey, was arrested earlier this year and is being held in a Turkish prison.

The Feds [14]unsealed an indictment against Moucka and Binns in November. Both men face 20 counts of conspiracy, computer fraud and abuse, wire fraud, and aggravated identity theft after allegedly breaking into at least 10 organizations' online environments and accessing "billions of sensitive customer records."

[15]

Federal prosecutors allege the duo also demanded ransom payments from the victims before ultimately selling the stolen data.

Previous reports indicated digital intruders compromised at least [16]165 Snowflake customers , including [17]AT&T , Santander Bank, [18]Ticketmaster , and [19]Advance Auto Parts .

The criminals may have ties to [20]Scattered Spider , which Google tracks as [21]UNC3944 . Scattered Spider is also believed to be behind the 2023 [22]Las Vegas casino digital heists. ®

Get our [23]Tech Resources



[1] https://regmedia.co.uk/2024/12/31/cameron_john_wagenius_indictment.pdf

[2] https://www.theregister.com/2024/11/11/infosec_in_brief/

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z3UgVFPLBgOPLAjC-o6GngAAAEw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z3UgVFPLBgOPLAjC-o6GngAAAEw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z3UgVFPLBgOPLAjC-o6GngAAAEw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/

[7] https://x.com/elizzeserna/status/1854163024308994216

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z3UgVFPLBgOPLAjC-o6GngAAAEw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[9] https://thedesk.net/2024/12/cameron-wagenius-kiberphant0m-arrested-indicted/

[10] https://www.theregister.com/2024/11/12/snowflake_hackers_indictment/

[11] https://www.theregister.com/2024/11/11/infosec_in_brief/

[12] https://www.theregister.com/2024/09/16/snowflake_mfa_default/

[13] https://www.theregister.com/2024/12/23/lockbit_ransomware_dev_extradition/

[14] https://www.theregister.com/2024/11/12/snowflake_hackers_indictment/

[15] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z3UgVFPLBgOPLAjC-o6GngAAAEw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[16] https://www.theregister.com/2024/06/11/crims_targeting_snowflake_customers/

[17] https://www.theregister.com/2024/07/12/att_110_million_call_text_logs/

[18] https://www.theregister.com/2024/05/29/breachforums_ticketmaster_data/

[19] https://www.theregister.com/2024/06/24/snowflake_breach_accelerating_into_snowball/

[20] https://www.theregister.com/2023/09/15/scattered_spider_snares_100_victims/

[21] https://www.theregister.com/2024/05/23/mandiant_cto_scattered_spider/

[22] https://www.theregister.com/2023/12/28/casino_ransomware_attacks/

[23] https://whitepapers.theregister.com/



#FREEWAIFU

Pascal Monett

Yeah.

Looks like you're going to need a #FREEME now.

Abou Ben Adhem (may his tribe increase!)
Awoke one night from a deep dream of peace,
And saw, within the moonlight in his room,
Making it rich, and like a lily in bloom,
An angel writing in a book of gold.
Exceeding peace had made Ben Adhem bold,
And to the presence in the room he said,
"What writest thou?" The vision raised its head,
And with a look made of all sweet accord,
Answered, "The names of those who love the Lord."
"And is mine one?" said Abou. "Nay not so,"
Replied the angel. Abou spoke more low,
But cheerly still; and said, "I pray thee then,
Write me as one that loves his fellow-men."
The angel wrote, and vanished. The next night
It came again with a great wakening light,
And showed the names whom love of God had blessed,
And lo! Ben Adhem's name led all the rest.
-- James Henry Leigh Hunt, "Abou Ben Adhem"