Cameron John Wagenius, a seemingly ordinary 21-year-old U.S. Army soldier with no criminal record, was leading a double life that caught the attention of federal authorities. From his bedroom in Texas, he transformed into “Kiberphant0m,” an identity he used to engage in cybercrime . His online activities included participating in Telegram groups and forums dedicated to buying stolen credentials and selling access to valuable databases, all while fulfilling his military duties .
According to the Department of Justice, Wagenius directed a campaign that targeted at least ten organizations over the span of a year. This campaign involved accessing protected networks using private credentials and exploiting vulnerabilities. Astonishingly, he managed to juggle this unauthorized hacking while still being an active, paid member of the Army. Ultimately, however, his downfall came not from a leak or technical error but rather from his own missteps .
The Soldier Who Navigated Cybercrime Like a Pro
Wagenius operated with a network of accomplices, all coordinated via encrypted chats . They exchanged passwords, discussed vulnerabilities and set forth their next targets. Equipped with tools like SSH Brute , a brute-force application, they orchestrated cyberattacks swiftly, uploading stolen data to some of the most well-known cybercrime forums of the moment.
Once they infiltrated a system, they would launch threats, sometimes in private and at other times publicly, threatening to expose the stolen information unless a ransom was paid. In certain cases, they even sold the data directly, while in other scenarios, they employed stolen information to execute SIM Swapping attacks and impersonate victims. The ultimate goal? Profit. The Department of Justice estimates that they attempted to extort at least $1 million from their victims.
However, while committing such extensive cybercrimes, Wagenius made a critical error: he left digital footprints . Judicial documents indicate that in October 2024, amid the height of his illicit activities, he began searching online for ways to escape the country.

Among his search queries were key phrases such as:
• “Where can you desert from the US military without being extradited?”
• “US military personnel deserting to Russia?”
• “Russia Embassy – Washington DC?”
• “How to get a fast passport?”
He also communicated with contacts, mentioning, “The fun is that if they ever discover me, they can’t immediately arrest me under military law . That gives me time to disappear.” Yet the reality painted a much different picture. His online activities were meticulously logged, providing law enforcement with critical evidence of both his cybercrimes and his intent to flee.

Ultimately, Wagenius was apprehended and pleaded guilty to multiple charges: conspiracy to commit electronic fraud, extortion in relation to computer crimes, and aggravated identity theft . Previously, he had admitted involvement in illicit activities related to the unauthorized transfer of confidential telephone records. His upcoming sentencing on October 6 could result in a staggering 27 years in prison .
The gravity of the charges varies: electronic fraud can carry a penalty of up to 20 years, computer extortion can add up to five years, and aggravated identity theft mandates an additional two years that cannot be merged with the other sentences.
Even though Wagenius possessed significant technical knowledge and understood how to conceal his tracks using proxies, VPNs, and various protective tools, he miscalculated his strategy. Now he faces serious legal consequences for his misguided choices.
Images | Xataka with Gemini Flash 2.5 | Kevin Ku
In Xataka | Sam Altman believes that a serious crisis is coming with AI fraud. The problem is that it has strong interests in the solution.
