Cameron John Wagenius, a 20-year-old U.S. Army soldier who recently pleaded guilty to leaking phone records for high-ranking U.S. government officials, is currently facing the prospect of remaining in custody until his discharge from the military. According to prosecutors involved in the case, Wagenius was found to have searched online for non-extradition countries and had been contemplating whether hacking could be considered treason.
Wagenius, also known by the alias Kiberphant0m, was apprehended near the Army base in Fort Cavazos, Texas, on December 20. He has been charged with unlawfully transferring confidential phone records. As a communications specialist stationed at a U.S. Army base in South Korea, Wagenius was part of a group of criminal hackers who extorted multiple companies last year by leveraging stolen data.
The hacking spree began when malicious actors discovered that several companies had stored sensitive customer records on the cloud data storage service Snowflake, with minimal security measures in place. After obtaining stolen account credentials from darknet markets, the hackers proceeded to pilfer data repositories belonging to major corporations, including AT&T, TicketMaster, Lending Tree, Advance Auto Parts, and Neiman Marcus.
In a series of online posts on a cybercrime forum, Kiberphant0m threatened to leak the pilfered phone records unless a ransom was paid. Specifically targeting AT&T, Wagenius demanded $500,000 to prevent the release of all the stolen records. Despite entering a guilty plea for two counts of unlawfully transferring phone records, Wagenius faces the likelihood of continued detention due to flight risk concerns raised by prosecutors.
The government cited evidence indicating that Wagenius had engaged in additional malicious activities beyond the charged offenses. His online searches included queries related to defection to countries with no extradition treaties with the United States, such as Russia. Furthermore, investigators found extensive personal identification files on Wagenius’ laptop, as well as evidence suggesting attempts to sell stolen information to a foreign military intelligence service.
Prosecutors argued that Wagenius posed a substantial flight risk and possessed the means and intent to flee prosecution. They emphasized his interest in evading charges by defecting to another country, echoing the actions of his alleged co-conspirator John Erin Binns. Binns, currently detained in a Turkish prison for his involvement in the Snowflake hack, also explored the possibility of seeking refuge in Russia.
In a separate development, Canadian authorities apprehended another member of the extortion conspiracy, Connor Riley Moucka, in late November 2024. Both Moucka and Binns have been indicted by the U.S. government for various counts of wire fraud, computer fraud, extortion, and aggravated identity theft.
As Wagenius awaits his sentencing, he faces a potential sentence of up to ten years in prison and fines of up to $250,000 for each count of unlawfully transferring phone records. The government’s concern over his flight risk highlights the severity of the charges and the defendant’s perceived intent to evade justice.