TEXAS (WHNT) — A former U.S. Army soldier stationed at Fort Cavazos entered a guilty plea in federal court Tuesday.
According to federal documents and the U.S. Department of Justice, 21-year-old Cameron John Wagenius used online accounts associated with the nickname “kiberphant0m” to conspire with 3 other people to defraud at least 10 victim organizations. The DOJ said Wagenius did so by obtaining login credentials for the organization’s protected computer networks between April 2023 and December 18, 2024.
The DOJ said the conspirators obtained the credentials using a hacking tool called SSH Brute, among other names. The DOJ said they used Telegram group chats to transfer the stolen credentials and talk about gaining access to victim companies’ networks.
The release says all of this happened while Wagenius was on active duty with the U.S. Army.
“After data was stolen, the conspirators extorted the victim organizations both privately and in public forums. The extortion attempts included threats to post the stolen data on cybercrime forums such as BreachForums and XSS.is. The conspirators offered to sell stolen data for thousands of dollars via posts on these forums. They successfully sold at least some of this stolen data and also used stolen data to perpetuate other frauds, including SIM-swapping. In total, Wagenius and his co-conspirators attempted to extort at least $1 million from victim data owners.”
U.S. Department of Justice
The plea agreement says Wagenius and the co-conspirators, after gaining access to the victim’s accounts, threatened to leak the stolen data unless a ransom was paid. From there, the federal document says the conspirators worked to gain access to “hundreds of thousands” of sensitive business and customer records.
This information included non-content call and text history records, telecommunication identifying information and other personally identifiable information.
Some examples of the messages sent to the victims are listed below, per federal documents.
“At least on or about April 23, 2023, until at least June 16, 2023, Defendant, Co-Conspirator-1 and others participated in a Telegram group chat. The chat members repeatedly discussed stealing computer credentials, including through brute force attacks used to guess username and password combinations, and transferred stolen credentials among themselves.”
DOJ Plea Agreement Document
“[I]n or about May 2024, Defendant and Co-Conspirator-1 accessed the computer systems of Victim-1, a telecommunications company located overseas, and stole information pertaining to hundreds of thousands of Victim-1’s customers. This stolen information included International Mobile Subscriber Identity, SIM card numbers, maskerkey, and other information needed to successfully clone SIM cards.”
DOJ Plea Agreement Document
“[I[n or about August and September 2024, Defendant, Co-Conspirator-1, Co-Conspirator-2, and Co-Conspirator-3 accessed the protected computer systems of Victim-3, a tecnology company located in the United States and stole information pertaining to thousands of Victim-2’s customers, including telephone numbers belonging to real people who were Victim-2’s customers. Victim-2 was a telecommunications company located in the United States, and some of Vicitm-2’s stolen data was hosted on Victim-3’s computer systems located in Texas and North Carolina.”
DOJ Plea Agreement Document
“Defendant and others publicly and privately extorted victims by threatening to sell or otherwise distribute their stolen data unless the victims paid ransoms. They did so through online posts on online cybercrim forums catering to criminals, such as BreachForums and XXS.is; Telegram channels dedicated to online frauds and other cybercrimes; direct messages on Telegram; and other online platforms such as X (formerly known as Twitter).
Some of these posts and messages offered to sell the data in exchange for fiat currency and cryptocurrency, while others attempted to extort the victim companies, requesting payment in order to avoid publication of the stolen data. Some posts also published sample data stolen from the victims. The platforms on which these posts were made could be accessed from computers located anywhere in the world, including the Western District of Washington.”
DOJ Plea Agreement Document
“[O]n or about October 22, 2024, Defendant contacted Victim-2 and wrote, ‘If I’m not contacted all 358+ [gigabytes] of data on the [Victim-2] network will be released.’ Defendant sent this message, which was transmitted in interstate and foreign commerce, as part of Defendant’s efforts to extort a ransom payment from Victim-2.
DOJ Plea Agreement Document
“[O]n or about November 6, 2024, Defendant sent multiple emails to Victim-4, a telecommunications company located in the United States, sharing sample stolen data and threatening to leak more online unless he was paid ‘500k USD in the form of cryptocurrency.’ Defendant stated, ‘[i]n the event of [Co-Conspirator-2’s] arrest I was to takeover negotiations.”
DOJ Plea Agreement Document
The department said on Tuesday, Wagenius pleaded guilty to the following charges:
- Conspiracy to commit wire fraud
- Extortion in relation to computer fraud
- Aggravated identity theft.
He is currently scheduled to be sentenced on Oct. 6 and faces a maximum penalty of 20 years in prison for conspiracy to commit wire fraud, a maximum penalty of five years in prison for extortion in relation to computer fraud, and a mandatory two-year sentence consecutive to any other prison time for aggravated identity theft.
Wagenius was first indicted on December 18, 2024, in Seattle, Washington, federal court documents say.
The plea agreement, obtained by News 19, says Wagenius waived his right to be charged by indictment as well as waived his right to have the incident tried before a jury. As a result of these waivers, he agreed to enter a guilty plea.
The post Former 21-year-old soldier stationed in Texas pleads guilty to hacking, extortion scheme appeared first on WHNT.
