In a shocking turn of events, a 20-year-old U.S. Army soldier has been charged with two criminal counts of unlawfully transferring confidential phone records for high-ranking U.S. government officials.
Cameron John Wagenius, a communications specialist at a U.S. Army base in South Korea, was arrested on December 20 near the Army base in Fort Cavazos, Texas. He had been secretly using the nickname Kiberphant0m and was part of a trio of criminal hackers that extorted dozens of companies last year over stolen data.
According to prosecutors, Wagenius's online activities prior to his arrest suggest that he was searching for ways to defect from the U.S. military and avoid prosecution. His computer searches included phrases such as "where can I defect the u.s government military which country will not hand me over" and "U.S. military personnel defecting to Russia."
Additionally, Wagenius had been in contact with an email address he believed belonged to a foreign military intelligence service in an attempt to sell stolen information. After this communication, he Googled the question "can hacking be treason?" suggesting that he was seeking guidance on whether his actions were considered treasonous.
Prosecutors have also found evidence of Wagenius's malicious activities, including over 17,000 files containing passports, driver's licenses, and other identity cards belonging to victims of a breach. Furthermore, they discovered a fake identification document with his picture in one of his online accounts.
Wagenius was initially charged with two counts of unlawfully transferring confidential phone records, but he pleaded guilty to these charges without the benefit of a plea agreement. He is currently being held in custody pending his discharge from the military, which is expected to happen in early March.
The government has expressed concerns that Wagenius presents a serious risk of flight and should not be released to his father until his discharge from the Army is finalized. His proposed release to his father was rejected due to this reason, as well as the possibility that he may attempt to flee the country once discharged.
This case highlights the growing threat of cybercrime and the need for vigilance in protecting sensitive information. The U.S. government has indicted three alleged members of the extortion conspiracy, including Wagenius's co-conspirator John Erin Binns, who is currently in custody in a Turkish prison.
Binns was indicted by the Justice Department for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 million customers. He has since been charged with the Snowflake hack and subsequent extortion activity. A third alleged member, Connor Riley Moucka, was arrested in Canada last month and is also facing charges related to the conspiracy.
The maximum penalty Wagenius could face at sentencing includes up to ten years in prison for each count, and fines not to exceed $250,000. This case serves as a reminder of the importance of cybersecurity and the need for individuals to take responsibility for their online activities.