Feds: Army Soldier Accused of AT&T Heist Googled ‘Can Hacking Be Treason,’ ‘Defecting to Russia’
A U.S. Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump's call logs has allegedly tried to sell stolen information to a foreign intelligence agent. Cameron John Wagenius, 21, was arrested in Texas in December and has since pleaded guilty to unlawfully posting and transferring confidential phone records.
The military man even Googled “can hacking be treason,” and "US military personnel defecting to Russia," according to prosecutors who argue he poses a serious flight risk and should be detained. Wagenius, who was using the online monikers kiberphant0m and cyb3rph4nt0m while on active military duty, bragged about infiltrating 15 telecommunications providers and posted call records belonging to high-ranking public officials and their family members on a dark-web forum.
Prosecutors have linked Wagenius to two other men accused of stealing data from more than 150 Snowflake cloud accounts in April 2024. These individuals, Alexander "Connor" Moucka and John Binns, allegedly netted at least $2 million from AT&T, Ticketmaster, and other victims of the heist.
The court documents filed by the U.S. Department of Justice revealed fresh allegations of Wagenius' wider extortion and computer intrusion capers. The documents also include search terms that Wagenius allegedly used while engaged in these criminal activities, including “can hacking be treason,” "US military personnel defecting to Russia," and phrases related to fleeing the US.
“While engaged in these criminal activities, Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service,” the documents allege. Wagenius also messaged a potential co-conspirator with the following: “What's funny is that if I ever get found out, I can't get instantly arrested because of military law, which gives me time to go AWOL.”
Prosecutors argue that Wagenius poses a serious flight risk and should be detained. The court documents also reveal additional evidence on Wagenius' devices, including thousands of stolen ID documents such as passports and drivers' licenses, at least one fake ID he created for himself, and large sums of cryptocurrency, indicating his intent to flee.
In October 2024, it's said he messaged a potential co-conspirator with the following: "What's funny is that if I ever get found out, I can't get instantly arrested because of military law, which gives me time to go AWOL." It's unclear who this potential co-conspirator is.
Wagenius has been connected to two other Snowflake extortion suspects - Alexander "Connor" Moucka and John Binns. Both Moucka and Binns are awaiting extradition. The case highlights the serious consequences of cybercrime and the importance of online security measures to protect sensitive information.