U.S. Army soldier Cameron John Wagenius, accused of being the hacker 'Kiberphant0m,' is at the center of a cybercrime investigation that has rocked military cybersecurity. Image Credit: Twitter/X
In a disturbing revelation, U.S. Army soldier Cameron John Wagenius has been arrested and charged with unlawfully transferring confidential phone records, including those allegedly belonging to President-elect Donald Trump and Vice President Kamala Harris. Operating under the online alias “Kiberphant0m,” Wagenius is accused of infiltrating telecommunications firms to obtain and sell sensitive information. This incident brings to light significant concerns about cybersecurity vulnerabilities and the potential misuse of insider access within secure institutions.
The Arrest and Charges
Wagenius was arrested on December 20, 2024, near Fort Cavazos, Texas (formerly known as Fort Hood). He is facing two felony charges for the unlawful transfer of confidential phone records.
Although the indictment does not explicitly name the victims, authorities believe Wagenius operated under the alias “Kiberphant0m” and hacked into over a dozen telecommunications companies, including AT&T and Verizon.
The case has been transferred to the U.S. District Court for the Western District of Washington in Seattle, where Wagenius is expected to be extradited. If convicted, he could face a prison sentence of up to 10 years for his unauthorized actions. His arrest is part of a broader investigation into a series of data breaches, including the high-profile Snowflake data storage hacks. Wagenius is the third person to be arrested in connection with these cyber intrusions. Initially filed in the U.S. District Court for the Western District of Texas, the indictment provides limited details about the specific activities or victims involved.
The “Kiberphant0m” Persona
Kiberphant0m is the online alias of a cybercriminal involved in various hacking activities and data breaches, primarily targeting telecommunications companies. Emerging in early 2024, Kiberphant0m was active on English- and Russian-speaking cybercrime forums, including platforms like BreachForums, Telegram, and Discord. The persona claimed to have hacked over a dozen major firms, including AT&T and Verizon and offered stolen data and unauthorized access to sensitive systems such as government servers, defense contractors, and critical infrastructure.
Among Kiberphant0m’s most notable claims was obtaining and attempting to sell call logs allegedly belonging to President-elect Donald Trump and Vice President Kamala Harris. The persona also boasted about possessing a “spy schema” from the U.S. National Security Agency, reportedly acquired through the Snowflake data breach. Additionally, Kiberphant0m offered a SIM-swapping service targeting Verizon push-to-talk customers, which included U.S. government agencies and emergency responders.
Using multiple aliases like “@cyb3rph4nt0m” on Telegram and “Buttholio” in some chat rooms, Kiberphant0m appeared connected to the UNC5537 hacking group responsible for the Snowflake breach. The persona also used the hashtag #FREEWAIFU, referencing another individual, Alexander “Connor” Moucka, arrested in connection with the Snowflake incident.
In a disturbing revelation, U.S. Army soldier Cameron John Wagenius has been arrested and charged with unlawfully transferring confidential phone records, including those allegedly belonging to President-elect Donald Trump and Vice President Kamala Harris. Operating under the online alias “Kiberphant0m,” Wagenius is accused of infiltrating telecommunications firms to obtain and sell sensitive information. This incident brings to light significant concerns about cybersecurity vulnerabilities and the potential misuse of insider access within secure institutions.
The Arrest and Charges
Wagenius was arrested on December 20, 2024, near Fort Cavazos, Texas (formerly known as Fort Hood). He is facing two felony charges for the unlawful transfer of confidential phone records.
Although the indictment does not explicitly name the victims, authorities believe Wagenius operated under the alias “Kiberphant0m” and hacked into over a dozen telecommunications companies, including AT&T and Verizon.
The case has been transferred to the U.S. District Court for the Western District of Washington in Seattle, where Wagenius is expected to be extradited. If convicted, he could face a prison sentence of up to 10 years for his unauthorized actions. His arrest is part of a broader investigation into a series of data breaches, including the high-profile Snowflake data storage hacks. Wagenius is the third person to be arrested in connection with these cyber intrusions. Initially filed in the U.S. District Court for the Western District of Texas, the indictment provides limited details about the specific activities or victims involved.
The “Kiberphant0m” Persona
Kiberphant0m is the online alias of a cybercriminal involved in various hacking activities and data breaches, primarily targeting telecommunications companies. Emerging in early 2024, Kiberphant0m was active on English- and Russian-speaking cybercrime forums, including platforms like BreachForums, Telegram, and Discord. The persona claimed to have hacked over a dozen major firms, including AT&T and Verizon and offered stolen data and unauthorized access to sensitive systems such as government servers, defense contractors, and critical infrastructure.
Among Kiberphant0m’s most notable claims was obtaining and attempting to sell call logs allegedly belonging to President-elect Donald Trump and Vice President Kamala Harris. The persona also boasted about possessing a “spy schema” from the U.S. National Security Agency, reportedly acquired through the Snowflake data breach. Additionally, Kiberphant0m offered a SIM-swapping service targeting Verizon push-to-talk customers, which included U.S. government agencies and emergency responders.
Using multiple aliases like “@cyb3rph4nt0m” on Telegram and “Buttholio” in some chat rooms, Kiberphant0m appeared connected to the UNC5537 hacking group responsible for the Snowflake breach. The persona also used the hashtag #FREEWAIFU, referencing another individual, Alexander “Connor” Moucka, arrested in connection with the Snowflake incident.
Authorities suspect Kiberphant0m to be Cameron John Wagenius, a 20-year-old U.S. Army soldier arrested near Fort Hood, Texas, on December 20, 2024. Wagenius has been indicted on two counts of unlawfully transferring confidential phone records. His activities allegedly included operating a large botnet for distributed denial-of-service (DDoS) attacks, selling remote access credentials to a major U.S. defense contractor, and offering the source code for “Shi-Bot,” a custom Linux DDoS botnet based on Mirai malware.
The Kiberphant0m case underscores the sophistication of modern cyber criminals and the challenges law enforcement faces in identifying and capturing them. It also highlights the need for robust cybersecurity measures to counter such advanced threats.
Connections to Other Cybercrimes
Cameron John Wagenius, allegedly operating under the alias “Kiberphant0m,” has been connected to numerous cybercrimes and hacking activities that span various industries and targets. One of the most significant incidents linked to him is the Snowflake data breach. Kiberphant0m is believed to have ties to UNC5537, the group behind the breach, and was reportedly tasked with selling data stolen from Snowflake customers who refused to pay ransoms.
In addition to the Snowflake breach, Wagenius claimed responsibility for hacking into over a dozen telecommunications companies, including major players like AT&T and Verizon. Through these breaches, he allegedly offered stolen data and unauthorized access to critical systems. He also engaged in distributed denial-of-service (DDoS) activities, selling the source code for “Shi-Bot,” a Linux-based botnet built on Mirai malware. Kiberphant0m operated a Telegram channel called “Dstat,” which provided DDoS-for-hire services to other cybercriminals.
Wagenius’s activities extended beyond telecom and DDoS attacks. In 2023, he allegedly sold remote access credentials for a major U.S. defense contractor. He also claimed to have access to sensitive systems, including a Ukrainian government research server, critical infrastructure networks, and even a “spy schema” reportedly linked to the U.S. National Security Agency. These claims highlight his focus on high-profile and highly sensitive targets.
Further data breaches attributed to Kiberphant0m involved selling access to a variety of systems, including servers for a UK bank, Indian and Asian telecom companies, a European biomedical company, and a mobile social media app. His operations were not confined to a single region, indicating a broad reach across global cybercrime networks.
Authorities believe Wagenius has been active in cybercrime since at least 2022, using multiple aliases and operating across several cybercrime forums and chat platforms. His ability to infiltrate diverse systems and sell stolen data highlights the growing sophistication of modern cybercriminals and underscores the urgent need for enhanced cybersecurity measures.
Military Background and Access
Cameron John Wagenius has a military background that shaped his skills and access to technology. Before his arrest, he spent about two years at an Army base in South Korea, serving as a communications specialist. His role focused on radio signals and network communications, a position that likely equipped him with valuable technical knowledge.
Wagenius’s interest in the military began at a young age. Inspired by his older brother, who also joined the Army, Cameron enlisted as soon as he was eligible. Their shared enthusiasm for military life was evident even in childhood, with the brothers requesting MREs (Meals Ready to Eat) from different countries as a way to connect with military culture.
His role as a communications specialist likely gave him insight into telecommunications systems, potentially contributing to the knowledge he used in his alleged cybercrimes. The combination of technical skills, military training, and access to sensitive systems paints a picture of how Wagenius’s background may have played a role in his cyber activities.
Cybersecurity Community’s Response
Allison Nixon, the chief research officer at Unit 221B, emphasized the community’s ability to unmask cybercriminals and pointed out the futility of targeting experts who specialize in tracking down online offenders. The investigation also demonstrated improved coordination between cybersecurity professionals and law enforcement. Authorities have shown increasing efficiency in identifying and apprehending cybercriminals, particularly those operating within the United States.
The case also raised important concerns about insider threats. Wagenius, a U.S. Army communications specialist with access to sensitive systems and technical knowledge, underscored the risks posed by individuals with military backgrounds engaging in cybercrime. This incident highlights the importance of addressing insider threats and ensuring robust security measures within sensitive institutions.
The cybersecurity community’s response reflects the ongoing challenges in combating cybercrime and underscores the critical role of collaboration between security experts and law enforcement agencies in addressing these threats.
🚨 Army Soldier Exposed as Alleged Trump Phone Hacker 🚨 Cameron John Wagenius, a 20-year-old U.S. Army soldier, was arrested on Dec. 20 near Fort Hood, Texas.
The arrest of Cameron John Wagenius, allegedly known as Kiberphant0m, for selling confidential phone records has brought several important concerns to light. At the forefront are the national security risks. This case highlights vulnerabilities in military cybersecurity, particularly the dangers posed by insider threats. It demonstrates how individuals with access to sensitive government information can potentially compromise national security.
The incident also reflects the growing sophistication of cybercrime. With advancements in artificial intelligence, even individuals with limited technical skills can now carry out complex cyberattacks using AI-powered tools. This evolution in cybercrime tactics presents new challenges for both cybersecurity experts and law enforcement.
The psychological impact on victims of such cybercrimes is another pressing issue. Beyond financial losses, the breach of trust caused by an insider can lead to increased anxiety and reduced confidence in security systems. This emphasizes the need for organizations to rebuild trust while addressing these vulnerabilities.
For military organizations, the Wagenius case underscores the importance of strengthening cybersecurity protocols. Insider threat protection programs, better supervision, and stricter access controls are now being reevaluated to prevent similar incidents in the future.
On a broader scale, this case highlights the wider implications of cybercrime on national security, public safety, and critical infrastructure. It serves as a reminder of the urgent need for improved cybersecurity education and awareness across all sectors of society. The Wagenius case is a clear example of the evolving nature of cyber threats and the critical importance of robust, comprehensive security measures, particularly within military and government contexts.
Legal Proceedings and Future Actions
The legal proceedings and potential actions against Cameron John Wagenius, who was arrested on December 20, 2024, near Fort Cavazos, Texas, are shaping up to be significant. He faces two criminal charges for the unlawful transfer of confidential phone records. Shortly after his arrest, Wagenius appeared in a Texas court, where federal prosecutors requested his extradition to Washington state. The case has since been transferred to the U.S. District Court for the Western District of Washington in Seattle, where further legal action will take place.
If convicted, Wagenius could face up to 10 years in prison for his alleged crimes. The indictment against him, however, does not reveal specific details about the allegations or the identities of the victims, suggesting that the investigation is still ongoing. This could lead to additional charges or further revelations as the case develops.
As an active-duty soldier, Wagenius may also face military disciplinary actions or proceedings separate from his civilian charges. His actions have drawn attention to the potential consequences of insider threats within the military. Wagenius’ arrest is part of a broader investigation into cybercrime activities, including the high-profile Snowflake data breaches. Being the third suspect arrested in connection with these breaches, his case could have wider implications for ongoing investigations into other cybercriminal networks.
Summing Up
The arrest of Cameron John Wagenius sheds light on the complex and evolving landscape of cyber threats. It underscores the necessity for enhanced cybersecurity protocols, particularly concerning insider threats, and the critical role of collaboration between law enforcement and cybersecurity professionals in combating cybercrime.
As someone who’s seen what happens when the truth is distorted, I know how unfair it feels when those who’ve sacrificed the most lose their voice. At SOFREP, our veteran journalists, who once fought for freedom, now fight to bring you unfiltered, real-world intel. But without your support, we risk losing this vital source of truth. By subscribing, you’re not just leveling the playing field—you’re standing with those who’ve already given so much, ensuring they continue to serve by delivering stories that matter. Every subscription means we can hire more veterans and keep their hard-earned knowledge in the fight. Don’t let their voices be silenced. Please consider subscribing now.
One team, one fight,
Brandon Webb former Navy SEAL, Bestselling Author and Editor-in-Chief
Barrett is the world leader in long-range, large-caliber, precision rifle design and manufacturing. Barrett products are used by civilians, sport shooters, law enforcement agencies, the United States military, and more than 75 State Department-approved countries around the world.
PO Box 1077 MURFREESBORO, Tennessee 37133 United States
Scrubba Wash Bag
Our ultra-portable washing machine makes your journey easier. This convenient, pocket-sized travel companion allows you to travel lighter while helping you save money, time and water.
Our roots in shooting sports started off back in 1996 with our founder and CEO, Josh Ungier. His love of airguns took hold of our company from day one and we became the first e-commerce retailer dedicated to airguns, optics, ammo, and accessories. Over the next 25 years, customers turned to us for our unmatched product selection, great advice, education, and continued support of the sport and airgun industry.
COMMENTS
There are
You must become a subscriber or login to view or post comments on this article.