Federal authorities have apprehended a serving member of the U.S. military in connection with a breach of Snowflake customer accounts and subsequent extortion. Cameron John Wagenius, 20, was taken into custody on December 20 near Fort Cavazos, formerly known as Fort Hood, in Texas. The arrest came following a two-count indictment filed against Wagenius in Seattle federal court on December 18, accusing him of unlawfully selling and transferring confidential phone records information obtained fraudulently.
The indictment did not specifically reference the cloud-based data warehousing platform Snowflake, but Wagenius’ mother confirmed that her son had been associating with Connor Riley Moucka, also known as “Judische” or “Waifu.” Moucka, along with American John Binns, has been accused of stealing terabytes of data from Snowflake and extorting millions of dollars in cryptocurrency from victims, according to a separate U.S. indictment.
It was reported that at least 10 organizations whose data was compromised in the Snowflake breach received ransom demands ranging from $300,000 to $5 million. One of the victims, AT&T, paid a ransom of $370,000 to prevent the leaked data from being exposed. Moucka has already been arrested by Canadian authorities, while Binns was apprehended in Turkey in connection with a previous hacking incident targeting T-Mobile.
Following the successful breach of Snowflake accounts, the cloud provider has implemented various security enhancements, including mandatory multifactor authentication for new accounts and regular prompts for established users to enable this additional layer of security. Investigators believe that a contributor to a cybercriminal site selling data from Snowflake victims may be a U.S. soldier stationed in South Korea.
The individual, operating under the handle “Kiberphant0m,” has reportedly offered sensitive data and hacking services for sale on the dark web, including information allegedly stolen from Verizon and other organizations. Kiberphant0m’s activities escalated after Moucka’s arrest, with threats to leak confidential information unless certain demands were met. This ongoing cybercrime saga underscores the challenges faced by organizations in securing sensitive data and protecting against extortion attempts by malicious actors.
Overall, the interconnected web of cybercrime, data breaches, and extortion schemes highlights the critical need for robust cybersecurity measures and proactive defense strategies to safeguard against evolving threats in an increasingly digital world. The collaboration between law enforcement agencies and cybersecurity experts is crucial in identifying, apprehending, and prosecuting individuals involved in such criminal enterprises to uphold the integrity of digital infrastructure and protect organizations and individuals from financial and reputational harm.