US Army Soldier Arrested for Extorting AT&T and Verizon in Data Breach Scheme

A soldier in the U.S. Army has been taken into custody on allegations of extorting AT&T and Verizon, following extensive breaches that resulted in the theft of a significant volume of customer information.

The 20-year-old man was apprehended close to Fort Hood, Texas, suspected of being the hacker identified as Kiberphant0m. Statements made by his mother may complicate matters for him further.

The indictment does not mention specific cases, but Krebs on Security connects the arrest to breaches involving AT&T and Verizon, largely due to comments made by the suspect’s mother.

Federal authorities have apprehended and indicted a 20-year-old U.S. Army soldier suspected of being Kiberphant0m, a hacker who has been selling and leaking sensitive call records from AT&T and Verizon that were stolen earlier this year …

Cameron John Wagenius, 20, was arrested on December 20 after being indicted on two charges of unlawfully transferring confidential phone records.

The brief, two-page indictment (PDF) does not specify individual victims or hacking incidents, nor does it reveal personal details about the accused. However, a conversation with Wagenius’ mother, Alicia Roen from Minnesota, filled in some gaps.

Roen indicated that prior to his arrest, her son had acknowledged links to Connor Riley Moucka, known as “Judische,” a notorious cybercriminal from Canada who was arrested in late October for stealing data from numerous companies utilizing the cloud platform Snowflake.

Moucka was taken into custody in November and has been charged with 20 counts. Reports indicate that while Moucka was the lead hacker, Wagenius’s main responsibility was to extract financial gain from the stolen data.

Significant AT&T Data Breach

One ransom demand is reported to be associated with a substantial data breach at AT&T, during which personal information of nearly all customers was compromised.

A staggering lapse in security allowed hackers to steal not just customer phone numbers, but also detailed records of communications, posing a serious privacy threat …

Moreover, hackers managed to retrieve cell site identification numbers for certain calls and messages, pinpointing customer locations with an accuracy of approximately 300 feet in various areas.

It has been further reported that AT&T paid a ransom of $373,000 in Bitcoin for the deletion of the compromised data.

The telecom stated that the stolen information was acquired from a third-party cloud service, which is now believed to be Snowflake – where data from other companies, including the personal information of 560 million TicketMaster customers, was also compromised.

Wired reports that AT&T did make a ransom payment to the hacker in exchange for the data’s deletion; the hacker initially demanded $1 million in Bitcoin, but the final amount settled on was about $373,000.

Verizon Call Logs

The other ransom request appears to be linked to call logs from Verizon.

On November 5, Kiberphant0m offered stolen call logs belonging to Verizon’s push-to-talk (PTT) customers, primarily composed of U.S. government agencies and emergency responders. Following this, on November 9, Kiberphant0m created a sales thread on BreachForums advertising a “SIM-swapping” service aimed at Verizon PTT customers. In a SIM-swap attack, fraudsters use credentials phished or stolen from mobile company employees to redirect a victim’s phone calls and text messages to a device the fraudsters control.

The