A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. Wagenius was a communications specialist at a U.S. Army base in South Korea, who secretly went by the nickname Kiberphant0m and was part of a trio of criminal hackers that extorted dozens of companies last year over stolen data. Prosecutors told the court investigators also found a screenshot on Wagenius’ laptop that suggested he had over 17,000 files that included passports, driver’s licenses, and other identity cards belonging to victims of a breach, and that in one of his online accounts, the government also found a fake identification document that contained his picture. “As discussed in the government’s sealed filing, the government has uncovered evidence suggesting that the charged conduct was only a small part of Wagenius’ malicious activity,” the government memo states. “Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted. Prosecutors said that in addition to his public posts on the forum, Wagenius had engaged in multiple direct attempts to extort “Victim-1,” which appears to be a reference to AT&T. The government states that Kiberphant0m privately demanded $500,000 from Victim-1, threatening to release all of the stolen phone records unless he was paid. The court filing says Wagenius is presently in the process of being separated from the Army, but the government has not received confirmation that his discharge has been finalized.
Wagenius’s interest in defecting to another country in order to escape prosecution mirrors that of his alleged co-conspirator, John Erin Binns, an elusive 25-year-old American man indicted by the Justice Department for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 million customers. 19, Wagenius pleaded guilty to two counts of unlawfully transferring confidential phone records, but he did so without the benefit of a plea agreement. “On top of this, for more than two weeks in November 2024, Wagenius communicated with an email address he believed belonged to Country-1’s military intelligence service in an attempt to sell stolen information.” The U.S. government has indicted Moucka and Binns, charging them with one count of conspiracy; 10 counts of wire fraud; four counts of computer fraud and abuse; two counts of extortion in relation to computer fraud; and two counts of aggravated identity theft. Among those was AT&T, which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people — nearly all of its customers. But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. Less than a month before Wagenius’s arrest, KrebsOnSecurity published a deep dive into Kiberphant0m’s various Telegram and Discord identities over the years, revealing how the owner of the accounts told others they were in the Army and stationed in South Korea.
This Cyber News was published on krebsonsecurity.com. Publication date: Thu, 27 Feb 2025 03:45:07 +0000