AT&T, Verizon breach mastermind "kiberphant0m" pleads guilty to cybercrime charges
He faces up to 27 years in prison.
A former Army soldier admitted guilt on Tuesday in connection with a string of cyberattacks and extortion attempts targeting telecommunications companies, including AT&T and Verizon.
The Justice Department revealed that 21-year-old Cameron John Wagenius, who used the aliases "kiberphant0m" and "cyb3rph4nt0m" on various forums, had been involved in years of malicious activity, some of which occurred while he was still serving in the military.
You probably recall the story – Wagenius was arrested in December 2024. He went from Army communications specialist to cybercriminal mastermind, leaking AT&T and Verizon call logs, selling SIM-swapping services, and even running a botnet for DDoS attacks. He was caught near a Texas base after boasting about posting Trump's call records and threatening to dump NSA data online.
Wagenius pleaded guilty to charges of conspiracy to commit wire fraud, extortion related to computer fraud, and aggravated identity theft. He now faces a possible sentence of up to 27 years in federal prison, with sentencing scheduled for October 6. He had previously admitted to two counts involving the unlawful transfer of confidential phone record information connected to the same scheme.
According to investigators, Wagenius and his accomplices sought to defraud at least 10 organizations by stealing login credentials and exploiting network access. Court documents show that in November, he attempted to extort $500,000 from a major telecommunications company by threatening to release sensitive call data belonging to high-ranking officials.
Authorities said that the stolen information included phone and text records obtained through breaches of cloud environments such as Snowflake. AT&T confirmed in July that its Snowflake environment was compromised in April, leading to the theft of six months' worth of call and text data affecting nearly all of its customers.
Two alleged co-conspirators, Connor Moucka and John Binns, were indicted in November for similar crimes involving breaches of multiple organizations' cloud systems. Moucka, a Canadian national, agreed to extradition to the United States earlier this year to face 20 federal charges tied to attacks that impacted as many as 165 Snowflake customers.
Investigators who examined Wagenius' devices discovered thousands of stolen identification documents and substantial cryptocurrency holdings, suggesting the proceeds of multiple fraud schemes. Officials believe the group attempted to extort at least $1 million and sold portions of the stolen data to fund additional criminal activity, including SIM-swapping operations.
The Justice Department revealed that 21-year-old Cameron John Wagenius, who used the aliases "kiberphant0m" and "cyb3rph4nt0m" on various forums, had been involved in years of malicious activity, some of which occurred while he was still serving in the military.
Wagenius pleaded guilty to charges of conspiracy to commit wire fraud, extortion related to computer fraud, and aggravated identity theft. He now faces a possible sentence of up to 27 years in federal prison, with sentencing scheduled for October 6. He had previously admitted to two counts involving the unlawful transfer of confidential phone record information connected to the same scheme.
This is one of the most significant wins in the fight against cybercrime. The cybersecurity workers helping the victims through a storm, federal law enforcement with the fastest federal arrest I have ever witnessed, and the prosecutors now destroying them in court – all brought their A game and they deserve to celebrate tonight.
– Allison Nixon, chief research officer at Unit 221B for CyberScoop, July 2025
According to investigators, Wagenius and his accomplices sought to defraud at least 10 organizations by stealing login credentials and exploiting network access. Court documents show that in November, he attempted to extort $500,000 from a major telecommunications company by threatening to release sensitive call data belonging to high-ranking officials.
Authorities said that the stolen information included phone and text records obtained through breaches of cloud environments such as Snowflake. AT&T confirmed in July that its Snowflake environment was compromised in April, leading to the theft of six months' worth of call and text data affecting nearly all of its customers.
Two alleged co-conspirators, Connor Moucka and John Binns, were indicted in November for similar crimes involving breaches of multiple organizations' cloud systems. Moucka, a Canadian national, agreed to extradition to the United States earlier this year to face 20 federal charges tied to attacks that impacted as many as 165 Snowflake customers.
Investigators who examined Wagenius' devices discovered thousands of stolen identification documents and substantial cryptocurrency holdings, suggesting the proceeds of multiple fraud schemes. Officials believe the group attempted to extort at least $1 million and sold portions of the stolen data to fund additional criminal activity, including SIM-swapping operations.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: