A U.S. soldier who pleaded guilty to hacking AT&T and Verizon attempted to sell stolen data to what he believed was a foreign military intelligence service, according to newly filed court records reviewed by Media.
The documents also reveal that the soldier, Cameron John Wagenius, searched online for “U.S. military personnel defecting to Russia” and “can hacking be treason.”
Wagenius, who operated under the online aliases “kiberphant0m” and “cyb3rph4nt0m,” unlawfully obtained and transferred confidential phone records, including those of high-ranking public officials.
Prosecutors allege that he posted these records for sale in November 2024 and demanded $500,000 from AT&T in exchange for deleting the stolen information, all while on active duty at Fort Cavazos.
His activities were part of a larger cyberattack against multiple Snowflake customers during the summer of 2024, impacting at least ten organizations, including Live Nation Entertainment Inc. and Advance Auto Parts Inc.
Court documents state that hackers linked to the AT&T breach targeted records associated with prominent figures, including former First Lady Melania Trump, Ivanka Trump, Vice President Kamala Harris, and the wife of Senator Marco Rubio. However, it remains unclear what specific data Wagenius attempted to sell to the foreign intelligence service.
Prosecutors have described the extortion attempt as “only a small part of Wagenius’ malicious activity.” According to a government memorandum filed Wednesday, Wagenius allegedly communicated with an email address he believed was linked to a foreign intelligence agency and, days later, searched for information about countries that do not extradite to the U.S.
The memorandum states, “Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service.”
Authorities have also uncovered thousands of stolen identification documents, including passports and driver’s licenses, on Wagenius’ devices, along with access to large amounts of cryptocurrency.
Additionally, he researched the Russian embassy in Washington, D.C., raising further concerns about his intentions.
Wagenius’ co-conspirator, Connor Moucka, a Canadian citizen, is set to face an extradition hearing in Canada on charges of stealing AT&T and Snowflake customer data. Another alleged accomplice, John Binns, an American living in Turkey, was reportedly fearful of being tracked by U.S. intelligence agencies.
The extensive hacking operation, which prosecutors say resulted in millions of dollars in ransom payments, has prompted warnings from the FBI about potential risks to national security. The agency has cautioned that the breach could compromise communications between FBI agents and confidential sources.
