U.S. Army soldier arrested for alleged role in hacking incident
Tshedimoso Makhene Jan 9, 2025 3:00:08 PM
A U.S. Army communications specialist was arrested in Texas for allegedly leaking presidential call logs and hacking telecommunications firms as part of a broader cybercriminal operation linked to the Snowflake hacking campaign.
What happened
A U.S. Army soldier, Cameron John Wagenius, was arrested in Fort Hood, Texas, on December 20, facing charges of unlawfully transferring confidential phone records. The 20-year-old communications specialist is suspected of being "Kiberphant0m," a cybercriminal linked to the theft and sale of call records from major telecommunications companies AT&T and Verizon. His arrest follows a month-long investigation into the Snowflake hacking campaign, which impacted hundreds of organizations.
The backstory
AT&T
In April 2024, AT&T faced a data breach that impacted over 70 million customers. It included information from approximately 7.6 million current and 65.4 million former account holders. Discovered in early 2024, the breach exposed sensitive details such as Social Security numbers, email addresses, mailing addresses, phone numbers, and birth dates on the dark web.
Verizon
On October 10, 2024, Verizon experienced a second service outage affecting customers across the United States, particularly in the Great Plains region. Over 1,500 reports were made, affecting voice calls, internet access, and SOS signals on some phones. Nebraska and Minnesota faced the biggest disruptions, but issues were also reported in major cities like New York, Los Angeles, and Washington, DC. Verizon confirmed that its cell service had been restored, but the issue continued to affect customers in cities like Seattle and Washington, DC, with reduced data speeds and limited 5G service.
Going deeper
Wagenius, stationed in South Korea at one point, is believed to have collaborated with Canadian national Connor Riley Moucka, also known as “Judische.” Moucka was arrested in October for his role in the Snowflake campaign, which targeted companies like Anheuser-Busch, Mitsubishi, and Santander Bank. Shortly after Moucka’s arrest, Kiberphant0m reportedly leaked what appeared to be call logs for former President Donald Trump and Vice President Kamala Harris on the cybercriminal portal BreachForums.
Kiberphant0m also advertised sensitive data, including an alleged NSA data schema and SIM-swapping services targeting Verizon's push-to-talk customers. According to investigative journalist Brian Krebs, Wagenius’ online activities extended to hacking over 15 telecom providers and operating a botnet for distributed denial-of-service (DDoS) attacks.
What was said
According to Krebs on Security, Alicia Roen, Wagenius’ mother, provided information on her son’s possible involvement in the breach. Roen revealed that Wagenius had acknowledged a connection with Moucka. “I never was aware he was into hacking,” Roen said. “It was definitely a shock to me when we found this stuff out.” She added that her son, who had worked with radio signals and network communications during his Army service in South Korea, had always excelled with computers.
After Moucka’s arrest, Kiberphant0m published a series of threats and leaks on BreachForums. These included purported AT&T call logs for President Donald Trump and Vice President Kamala Harris, accompanied by a demand: “In the event you do not reach out to us @ATNT all presidential government call logs will be leaked,” the post read, signed with “#FREEWAIFU” tags.
Cybersecurity expert Allison Nixon, who helped identify Wagenius, emphasized the dangers of such actions: “Anonymously extorting the President and VP as a member of the military is a bad idea,” Nixon said. “But it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals.” Nixon lauded law enforcement’s swift response, noting that it took less than a month to identify, track, and arrest Wagenius. “This was the fastest turnaround time for an American federal cyber case that I have witnessed in my career,” she added.
Why it matters
The breach of presidential call logs and sensitive government data raises serious concerns about vulnerabilities in telecom systems and the broader implications for U.S. national security.
The bottom line
Wagenius’ arrest marks a significant development in the ongoing Snowflake hacking investigation, which has so far led to three arrests, including that of John Erin Binns, the hacker behind T-Mobile’s 2021 breach. As authorities work to unravel the full scope of the cybercriminal network, the case highlights the critical need for enhanced cybersecurity measures to protect sensitive data.
FAQs
Why are call logs and telecommunications data valuable to hackers?
Call logs often contain sensitive information, such as timestamps, phone numbers, and communication patterns, which can be exploited for blackmail, fraud, espionage, or further cyberattacks.
What are the risks of presidential or government officials’ call logs being leaked?
Leaks of government officials’ call logs pose significant national security risks, including exposing sensitive communication patterns, compromising classified operations, and creating opportunities for blackmail or espionage.
How can individuals or organizations identify if they’ve been targeted in a telecom-related data breach?
Signs include unauthorized access to accounts, suspicious activity on phone bills, unexpected account lockouts, or alerts from the telecom provider about unusual activity.