Former US soldier pleads guilty to hacking telecom companies

A former US Army soldier has pleaded guilty to hacking telecommunications companies' databases, stealing records, and demanding ransoms for the stolen data, the US Department of Justice said.

According to the DOJ, Cameron John Wagenius, 21, defrauded at least 10 organizations by obtaining login credentials for their private computer networks, stealing data, and then attempting to extort at least $1 million from them.

The soldier, also known as kiberphantOm, had already pleaded guilty to hacking T-Mobile and Verizon. Wagenius could now face 20 years in prison after pleading guilty to additional charges of conspiracy, extortion, and identity theft.

The former soldier reportedly sold data stolen from Snowflake cloud storage accounts, including records for 560 million Ticketmaster customers. He also said he’d posted hacked AT&T call logs for US President Donald Trump and Kamala Harris.

Two other individuals, John Binns and Connor Moucka, have also been indicted in the case. Moucka, allegedly responsible for penetrating multiple Snowflake cloud storage accounts, was arrested in Canada last November.

“The conspirators used Telegram group chats to transfer stolen credentials and discuss gaining unauthorized access to victim companies’ networks. This activity happened while Wagenius was on active duty with the US Army,” said the DOJ in a press release.

The conspirators attempted to extort the victim organizations by threatening to post the stolen data on cybercrime forums such as BreachForums and XSS.is. At least some of the data was successfully sold, investigators say.

Wagenius committed the crimes while on active duty in the US Army and serving at Fort Cavazos, formerly known as Fort Hood, in Texas.

Snowflake-related attacks have been a headache for hundreds of companies after attackers breached at least 165 accounts of the cloud storage service.

Market behemoths such as Ticketmaster, AT&T, Santander Bank, and Advance Auto Parts suffered as a result, with the Ticketmaster breach alone exposing over half a billion individuals.

One key reason Snowflake attacks were possible was that organizations did not have multi-factor authentication protections for accounts that stored the data of hundreds of millions.