US Army Soldier Arrested for Hacking 15 Telecom Carriers


Mar 3, 2025 - 16:04

U.S. Army Specialist Cameron John Wagenius, 21, is charged with federal offenses for allegedly hacking at least 15 telecom companies and trying to extort a major provider while leveraging stolen call detail records (CDRs) of high-ranking officials.

The U.S. Department of Justice unsealed court documents revealing Wagenius’ use of advanced obfuscation tools like VPNs with zero-log policies and his efforts to sell datasets to a foreign intelligence service, marking one of the most brazen military-linked cybercrimes in recent history.

Operating under the aliases kiberphant0m and cyb3rph4nt0m on illicit forums, Wagenius exploited his Army-issued security clearance to infiltrate telecom systems, exfiltrating enriched CDRs containing metadata such as call durations, geolocation markers, and cross-referenced subscriber identities. 

On November 6, 2024, he publicly doxxed officials’ personal communications data on BreachForums, writing: “I will leak much much much more, literally all of it” unless Victim-1 paid a $500,000 ransom.

Forensic analysts recovered terabytes of structured query language (SQL) database exports from his devices, indicating compromised systems at multiple carriers.

The indictment highlights Wagenius’ violation of 18 U.S.C. § 1039, a statute designed to protect against privacy invasions targeting law enforcement and public officials.

Cyber Extortion and Data Weaponization

Prosecutors emphasize that the enriched CDRs, augmented with personally identifiable information (PII), could enable foreign adversaries to map sensitive government networks.

While stationed at Fort Cavazos, Wagenius engaged in a 17-day encrypted email negotiation with an entity he believed represented Country-1’s military intelligence agency, offering datasets in exchange for cryptocurrency payments. 

Though the recipient’s authenticity remains unverified, his December 2024 Google searches for “can hacking be treason” and “Embassy of Russia – Washington, D.C.” suggest awareness of the operation’s national security implications.

Army investigators discovered Wagenius possessed over 17,000 forged identity documents, including passports and driver’s licenses, alongside Bitcoin wallets holding undisclosed sums. 

Such assets, paired with his October 2024 queries about “defecting to Russia” and “how to get passport fast,” underscore prosecutors’ arguments that he poses a critical flight risk.

Despite a military order barring technology use on December 6, 2024, Wagenius purchased a new laptop within 48 hours and ran the NordLayer VPN client, a service favored by cybercriminals for its strict no-logs policy and obfuscated tunneling protocols. 

Network logs show daily usage between December 8 and 12, 2024, with evidence of Tor browser installations and encrypted cloud storage links to unseized datasets. 

“This VPN software can be useful to cybercriminals attempting to obfuscate their identity and/or location,” prosecutors noted, highlighting concerns about undetected exfiltration during this period.

At a February 26, 2025, detention hearing, Assistant U.S. Attorney Sok Tea Jiang argued that Wagenius’s technical prowess and access to unrecovered cloud-based data, potentially spanning additional carriers, made him a continuing threat.

“He demonstrated an inability to comply with restrictions…using his technical knowledge to install VPN software even under military supervision,” the filing states.

With the Army fast-tracking his dishonorable discharge, Wagenius now faces mandatory detention.

The Computer Crime & Intellectual Property Section (CCIPS) is analyzing his devices for ties to other breaches, including a 2024 intrusion of a Washington State healthcare network mentioned in sealed documents.

This case spotlights growing concerns about insider threats within cleared personnel communities. 

As Deputy Attorney General George Brown stated: “When a soldier with access to sensitive systems turns adversarial, the fallout isn’t just operational—it’s a geopolitical weapon.” 

Sentencing is expected in late April 2025, with potential penalties exceeding 20 years under the Computer Fraud and Abuse Act (CFAA).


The post US Army Soldier Arrested for Hacking 15 Telecom Carriers appeared first on Cyber Security News.