8 hours Ago By Jessica Lyons
The US Army soldier accused of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent. The military man even Google searched for "can hacking be treason," and "US military personnel defecting to Russia," according to prosecutors who argue he poses a serious flight risk and should be detained. Cameron John Wagenius, 21, was arrested in Texas in December, and last week told a federal court judge he intends to plead guilty to unlawfully posting and transferring confidential phone records.
Prosecutors have also linked Wagenius to two other men accused of stealing data from more than 150 Snowflake cloud accounts in April 2024, and then demanding payment to keep a lid on that info. Despite admitting his crimes in court, and a willingness to enter a guilty plea, "Wagenius should be detained as both a danger to the community — given his ability to access sensitive datasets — and a serious risk of flight," Uncle Sam's attorneys argued. In federal court documents [ PDF ] filed Wednesday in Seattle, Washington, the US Department of Justice revealed new information about Wagenius' alleged wider extortion and computer intrusion capers, and what could be some very ill-advised Google search terms.
"While engaged in these criminal activities, Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service," the documents allege. Wagenius, we're told, while on active military duty and using the online monikers kiberphant0m and cyb3rph4nt0m, bragged about infiltrating 15 telecommunications providers, and then posted on a dark-web forum call records belonging to high-ranking public officials and their family members. While neither the public officials nor the breached firms are named in the court documents, they reportedly included AT&T, Verizon, Donald Trump, and Kamala Harris.
After stealing digital data from one organization, Wagenius then tried "multiple" times to extort this "Victim-1," believed to be AT&T, and threatened the American telco with messages, it is alleged, like this one detailed in the court filing: Let's start off, a little thing you should know about me. I get what I want and when I don't get what I want in my own timeframes that I set I will do what I say. I don't care if I don't receive the money involved in the extortions.
I already made your samples and data on [REDACTED] available to everybody on breachforums. I will leak much much much more, literally all of it. Around the same time in November 2024, Wagenius allegedly communicated with an email address that he believed belonged to another nation's military intelligence service and tried to sell it stolen information.
The court documents don't specify which country, but judging from Wagenius' alleged search history it would appear to be Russia. Before and after allegedly breaking into phone companies' networks, stealing people's call data, and trying to extort organizations for cash, Wagenius also conducted several searches related to fleeing the US, the Feds claim. A "subset" of these searches occurring over "multiple weeks," according to prosecutors, including: The g-men also said they found additional evidence on Wagenius' devices, including thousands of stolen ID documents such as passports and drivers' licenses, at least one fake ID he created for himself, and large sums of cryptocurrency, indicating his intent to flee.
Plus, in October 2024, it's said he messaged a potential co-conspirator with the following: "What's funny is that if I ever get found out, I can't get instantly arrested because of military law, which gives me time to go AWOL." It's unclear who this potential co-conspirator is, but Wagenius has been connected to two other Snowflake extortion suspects - Alexander "Connor" Moucka and John Binns, who allegedly netted at least $2 million from AT&T, Ticketmaster, and other victims of the heist. Moucka was arrested in Canada , and Binns in Turkey.
Both are awaiting extradition. ®.
