A U.S. Military soldier who pleaded responsible final week to leaking cellphone information for high-ranking U.S. authorities officers searched on-line for non-extradition international locations and for a solution to the query “can hacking be treason?” prosecutors within the case mentioned Wednesday. The federal government disclosed the small print in a court docket movement to maintain the defendant in custody till he’s discharged from the army.
Considered one of a number of selfies on the Fb web page of Cameron Wagenius.
Cameron John Wagenius, 20, was arrested close to the Military base in Fort Cavazos, Texas on Dec. 20, and charged with two felony counts of illegal switch of confidential cellphone information. Wagenius was a communications specialist at a U.S. Military base in South Korea, who secretly glided by the nickname Kiberphant0m and was a part of a trio of felony hackers that extorted dozens of firms final 12 months over stolen information.
On the finish of 2023, malicious hackers realized that many firms had uploaded delicate buyer information to accounts on the cloud information storage service Snowflake that had been protected with little greater than a username and password (no multi-factor authentication wanted). After scouring darknet markets for stolen Snowflake account credentials, the hackers started raiding the info storage repositories utilized by a number of the world’s largest firms.
Amongst these was AT&T, which disclosed in July that cybercriminals had stolen private info and cellphone and textual content message information for roughly 110 million folks — practically all of its clients. AT&T reportedly paid a hacker $370,000 to delete stolen cellphone information. Greater than 160 different Snowflake clients had been relieved of information, together with TicketMaster, Lending Tree, Advance Auto Elements and Neiman Marcus.
In a number of posts to an English-language cybercrime discussion board in November, Kiberphant0m leaked a number of the cellphone information and threatened to leak all of them except paid a ransom. Prosecutors mentioned that along with his public posts on the discussion board, Wagenius had engaged in a number of direct makes an attempt to extort “Sufferer-1,” which seems to be a reference to AT&T. The federal government states that Kiberphant0m privately demanded $500,000 from Sufferer-1, threatening to launch the entire stolen cellphone information except he was paid.
On Feb. 19, Wagenius pleaded responsible to 2 counts of unlawfully transferring confidential cellphone information, however he did so with out the advantage of a plea settlement. In coming into the plea, Wagenius’s attorneys had requested the court docket to permit him to stick with his father pending his sentencing.
However in a response filed immediately (PDF), prosecutors in Seattle mentioned Wagenius was a flight threat, partly as a result of previous to his arrest he was looking on-line for easy methods to defect to international locations that don’t extradite to america. In response to the federal government, whereas Kiberphant0m was extorting AT&T, Wagenius’s searches included:
-“the place am i able to defect the u.s authorities army which nation is not going to hand me over”
-“U.S. army personnel defecting to Russia”
-“Embassy of Russia – Washington, D.C.”
“As mentioned within the authorities’s sealed submitting, the federal government has uncovered proof suggesting that the charged conduct was solely a small a part of Wagenius’ malicious exercise,” the federal government memo states. “On high of this, for greater than two weeks in November 2024, Wagenius communicated with an e-mail tackle he believed belonged to Nation-1’s army intelligence service in an try to promote stolen info. Days after he apparently completed speaking with Nation-1’s army intelligence service, Wagenius Googled, ‘can hacking be treason.’”
Prosecutors advised the court docket investigators additionally discovered a screenshot on Wagenius’ laptop computer that recommended he had over 17,000 information that included passports, driver’s licenses, and different identification playing cards belonging to victims of a breach, and that in certainly one of his on-line accounts, the federal government additionally discovered a pretend identification doc that contained his image.
“Wagenius must also be detained as a result of he presents a severe threat of flight, has the means and intent to flee, and is conscious that he’ll probably face further expenses,” the Seattle prosecutors asserted.
The court docket submitting says Wagenius is presently within the technique of being separated from the Military, however the authorities has not acquired affirmation that his discharge has been finalized.
“The federal government’s understanding is that, till his discharge from the Military is finalized (which is predicted to occur in early March), he might solely be launched on to the Military,” reads a footnote within the memo. “Till that course of is accomplished, Wagenius’ proposed launch to his father needs to be rejected for this extra purpose.”
Wagenius’s curiosity in defecting to a different nation with a purpose to escape prosecution mirrors that of his alleged co-conspirator, John Erin Binns, an 25-year-old elusive American man indicted by the Justice Division for a 2021 breach at T-Cellular that uncovered the non-public info of at the very least 76.6 million clients.
Binns has since been charged with the Snowflake hack and subsequent extortion exercise. He’s at present in custody in a Turkish jail. Sources near the investigation advised KrebsOnSecurity that previous to his arrest by Turkish police, Binns visited the Russian embassy in Turkey to inquire about Russian citizenship.
In late November 2024, Canadian authorities arrested a 3rd alleged member of the extortion conspiracy, 25-year-old Connor Riley Moucka of Kitchener, Ontario. The U.S. authorities has indicted Moucka and Binns, charging them with one rely of conspiracy; 10 counts of wire fraud; 4 counts of laptop fraud and abuse; two counts of extortion in relation to laptop fraud; and two counts aggravated identification theft.
Lower than a month earlier than Wagenius’s arrest, KrebsOnSecurity printed a deep dive into Kiberphant0m’s varied Telegram and Discord identities through the years, revealing how the proprietor of the accounts advised others they had been within the Military and stationed in South Korea.
The utmost penalty Wagenius might face at sentencing contains as much as ten years in jail for every rely, and fines to not exceed $250,000.
