Cameron John Wagenius, a seemingly  ordinary  21-year-old U.S. Army soldier with no criminal record, was leading a  double life  that caught the attention of federal authorities. From his bedroom in Texas, he transformed into “Kiberphant0m,” an  identity  he used to engage in  cybercrime . His online activities included participating in  Telegram groups  and forums dedicated to buying stolen credentials and selling access to valuable databases, all while fulfilling his  military duties .

According to the Department of Justice, Wagenius directed a campaign that targeted at least ten organizations over the span of a year. This campaign involved accessing protected networks using  private credentials  and exploiting vulnerabilities. Astonishingly, he managed to juggle this unauthorized hacking while still being an active, paid member of the Army. Ultimately, however, his downfall came not from a leak or technical error but rather from his own  missteps .

The Soldier Who Navigated Cybercrime Like a Pro

Wagenius operated with a network of accomplices, all coordinated via  encrypted chats . They exchanged passwords, discussed vulnerabilities and set forth their next targets. Equipped with tools like  SSH Brute , a brute-force application, they orchestrated cyberattacks swiftly, uploading stolen data to some of the most well-known cybercrime forums of the moment.

Once they infiltrated a system, they would launch threats, sometimes in private and at other times publicly, threatening to expose the stolen information unless a ransom was paid. In certain cases, they even sold the data directly, while in other scenarios, they employed stolen information to execute  SIM Swapping attacks  and impersonate victims. The ultimate goal? Profit. The Department of Justice estimates that they attempted to extort  at least $1 million  from their victims.

However, while committing such extensive cybercrimes, Wagenius made a critical error: he left  digital footprints . Judicial documents indicate that in October 2024, amid the height of his illicit activities, he began searching online for ways to escape the country.

Hacker

Among his search queries were key phrases such as:

• “Where can you desert from the US military without being extradited?”

• “US military personnel deserting to Russia?”

• “Russia Embassy – Washington DC?”

• “How to get a fast passport?”

He also communicated with contacts, mentioning, “The fun is that if they ever discover me,  they can’t immediately arrest me under military law . That gives me time to disappear.” Yet the reality painted a much different picture. His online activities were meticulously logged, providing law enforcement with critical evidence of both his  cybercrimes  and his intent to flee.

This company was 158 years old and more than 700 employees. A weak password and click were enough to take it to bankruptcy

Ultimately, Wagenius was apprehended and pleaded guilty to multiple charges: conspiracy to commit electronic fraud, extortion in relation to computer crimes, and  aggravated identity theft . Previously, he had admitted involvement in illicit activities related to the unauthorized transfer of confidential telephone records. His upcoming sentencing on October 6 could result in a staggering  27 years in prison .

The gravity of the charges varies: electronic fraud can carry a penalty of up to 20 years, computer extortion can add up to five years, and aggravated identity theft mandates an additional two years that cannot be merged with the other sentences.

Even though Wagenius possessed significant  technical knowledge  and understood how to conceal his tracks using proxies, VPNs, and various protective tools, he miscalculated his strategy. Now he faces serious legal consequences for his misguided choices.

Images | Xataka with Gemini Flash 2.5 | Kevin Ku

In Xataka | Sam Altman believes that a serious crisis is coming with AI fraud. The problem is that it has strong interests in the solution.



General News – 2