A former US Army soldier, Cameron John Wagenius, 21, has pleaded guilty to planning a widespread cyber scheme. The plot involved hacking into telecommunications companies, including AT&T and Verizon, stealing private customer information, and then threatening to publicly release this sensitive data unless large sums of money were paid.

This significant development was announced by the Department of Justice on 15 July 2025, highlighting ongoing efforts to combat cybercrime.

The Scope of the Operation

Between April 2023 and December 18, 2024, Wagenius, operating under the online alias “kiberphant0m,” conspired with others to target at least ten organisations. Their method involved obtaining login details for secure computer networks, partly through a hacking tool they named SSH Brute. Stolen credentials were then shared and discussed in encrypted Telegram group chats. It has been revealed that this illicit activity continued even while Wagenius was serving in the US Army.

After successfully breaching networks and stealing data, the group engaged in extortion, demanding payments. They publicly advertised stolen information on well-known cybercrime forums like BreachForums and XSS.is, seeking thousands of dollars for the sensitive records.

In some instances, they successfully sold this stolen data and even used it to carry out other frauds, including SIM-swapping, a technique where criminals trick mobile carriers into transferring a victim’s phone number to a new SIM card under their control, allowing them to intercept calls and texts and bypass security measures like 2FA for bank/social media accounts. In total, Cameron Wagenius, who was previously stationed in Texas, and his co-conspirators attempted to extort at least $1 million from their victims.

Legal Ramifications and Future Steps

Cameron Wagenius pleaded guilty to multiple federal charges, including conspiracy to commit wire fraud (using electronic communications, like emails to defraud someone of money/property), extortion to computer fraud (threatening to damage or expose illegally obtained data), and aggravated identity theft (knowingly using another individual’s identity without permission while committing federal felony offenses).

His sentencing is scheduled for October 6. Cameron Wagenius faces a potential maximum of 20 years in prison for conspiracy to commit wire fraud, up to five years for extortion to computer fraud, and a mandatory two-year sentence for aggravated identity theft, which must be served consecutively to any other prison time. He had previously pleaded guilty to two counts of unlawful transfer of confidential phone records information in a separate, related case.

The investigation was a collaborative effort by the FBI, the Department of Defence Office of Inspector General’s Defence Criminal Investigative Service (DCIS), with assistance from the US Army’s Criminal Investigative Division and other agencies.