- A former soldier has plead guilty to a number of charges
- These include fraud, identity theft, and conspiracy to hack organisations
- The soldier and his co-conspirators exfiltrated and sold data from companies
The Department of Justice has announced that an ex-soldier has plead guilty to ‘conspiring to hack into telecommunications companies’ databases, access sensitive records, and extort the telecommunications companies by threatening to release the stolen data unless ransoms were paid.’
The 21 year old soldier, named as Cameron John Wagenius, used online accounts under the pseudonym “kiberphan0m”. Wagenius admitted to conspiring with others to defraud ‘at least 10’ organizations by stealing login credentials obtained through a hacking tool called SSH Brute.
Once data was exfiltrated, the group used the access to extort victims, threatening to post stolen data on cybercrime forums, and offering to sell the data to other cybercriminals through the forums. These allegedly occurred whilst Wagenius was actively serving in the US military.
Extorted data
Some of this data was successfully sold, and reportedly used to commit other fraudulent campaigns, including SIM-swapping. The group attempted to extract at least $1 million from their victims.
The crimes Wagenius plead guilty were; extortion in relation to computer fraud, conspiracy to commit wire fraud, and aggravated identity theft. Wagenius has previously plead guilty separately to two counts of “unlawful transfer of confidential phone records information in connection with this conspiracy.”
Wagenius’ activity has been linked to the Snowflake hack in which hundreds of customers were affected and significant data was stolen. This attack was allegedly financially motivated, and originated from a group extorting money in exchange for their stolen data.
Snowflake confirmed that the breach was the result of a successful credential stuffing attack – in which a threat actor had entered countless login combinations (usually purchased off the black market) until one eventually works. Credential stuffing attacks are potent and effective, and have led to some of the most notorious breaches in the last few years.
