U.S. Army Soldier’s Cybercrime Case Exposes National Security Risks in Digital Gang Culture

My Privacy Blog

My Privacy Blog

5 min read
U.S. Army Soldier’s Cybercrime Case Exposes National Security Risks in Digital Gang Culture
Photo by Kajetan Sumila / Unsplash

A 21-year-old U.S. Army soldier, Cameron Wagenius, has become the focal point of a case that underscores the evolving intersection of cybercrime and national security threats. Wagenius, stationed at Fort Cavazos in Texas, allegedly attempted to sell stolen telecommunications data to a foreign intelligence service while actively scheming to defect to Russia, according to federal court documents123.

Alleged Crimes and Extortion Attempts

In November 2024, while on active duty, Wagenius attempted to extort $500,000 from AT&T by threatening to leak confidential phone records of high-ranking officials, including Vice President Kamala Harris and FBI informants13. Authorities confirmed the telecom giant was his target, with stolen data tied to a broader attack spree on Snowflake cloud storage platforms that compromised 165 organizations, including AT&T, Live Nation, and Santander Bank148.

Wagenius’ activities escalated when he allegedly contacted an email address he believed belonged to a foreign military intelligence service, offering stolen data for sale. Prosecutors noted he later searched “can hacking be treason” and explored defection to Russia, mirroring the country he sought to sell information to123.

The stolen records were part of a sweeping 2024 cyber campaign targeting Snowflake customers. Wagenius collaborated with indicted co-conspirators Connor Moucka and John Binns, who allegedly extorted over 10 organizations by breaching cloud platforms148. Using the aliases kiperphant0m and cyb3rph4nt0m on criminal forums, Wagenius boasted access to sensitive data, including call logs of political figures like Donald Trump8.

Allison Nixon, Chief Research Officer at Unit 221B, described the group as part of an emerging “online gang culture” dubbed The Com, which blends insider threats with external cybercriminal networks1. “This Army soldier effectively had gang affiliations, which is a huge risk for the special access he had,” Nixon emphasized1.

National Security Implications

The case highlights how financially motivated cybercrime increasingly overlaps with espionage. Austin Larsen of Google’s Threat Intelligence Group noted Wagenius’ actions “blur the lines with espionage,” revealing a willingness to engage state actors for profit12. Federal prosecutors warned that Wagenius posed a “serious risk of flight,” citing his post-arrest purchase of a VPN-enabled laptop to evade detection12.

This incident parallels broader trends where cybercriminal services empower state-backed hacking. Russian, Iranian, and North Korean actors increasingly leverage criminal tools for espionage or disruption, as seen in ransomware attacks on critical infrastructure1011.

Wagenius pleaded guilty in February 2025 to unlawfully transferring confidential phone records, facing up to 10 years per charge48. His sentencing will test efforts to deter cybercriminals who historically operate with “low arrest rates and courts failing to take victims seriously,” Nixon cautioned1.

The U.S. government’s aggressive response—seizing Wagenius’ cryptocurrency and forged IDs—reflects mounting urgency to address cybercrime’s national security dimensions111. As transnational gangs and state actors converge, experts urge systemic solutions, including international cooperation and enhanced critical infrastructure defenses71011.

Why It Matters: Wagenius’ case is a wake-up call for mitigating insider threats and dismantling digital gang ecosystems. With cybercrime projected to cost $10.5 trillion annually by 2025, the stakes for global security have never been higher11.

The consequences for Cameron Wagenius' alleged co-conspirators, Connor Moucka and John Binns, involve significant legal actions across multiple jurisdictions:

Arrests and Custody Status

  • Connor Moucka: Arrested by Canadian authorities on October 30, 2024, at the request of the U.S. government. He remains in custody pending extradition147.
  • John Binns: Arrested in Turkey in May 2024 and faces separate charges there. He remains detained in a Turkish prison, with U.S. authorities seeking his extradition167.

Criminal Charges

Both face a 20-count U.S. federal indictment, including:

  • Conspiracy to commit wire fraud and computer fraud68
  • Aggravated identity theft6
  • Extortion related to ransomware demands17
  • Unauthorized access to protected computers7

The charges stem from their alleged roles in breaching Snowflake cloud accounts to steal data from 165+ organizations, including AT&T, Live Nation, and Santander. They reportedly extorted $2.5 million in cryptocurrency from victims137.

Prior Cybercrime History

  • Binns: Previously indicted for the 2021 T-Mobile breach that exposed 76.6 million customers' data. He publicly confessed to that attack in media interviews57.
  • Moucka: Linked to online aliases (WaifuJudische) associated with violent threats and involvement in The Com, a transnational cybercrime collective15.

Potential Penalties

If convicted on all U.S. charges, they face:

  • Up to 60 years combined imprisonment (5–25 years per charge)7
  • Asset forfeiture, including seized cryptocurrency and property7
  • Restitution payments to victims7

Broader Implications

  • Binns attempted to seek Russian citizenship via Turkey’s Russian embassy prior to arrest, mirroring Wagenius’ defection plans6.
  • Their prosecution tests international cooperation in cybercrime cases, as the U.S. navigates extradition processes with Canada and Turkey15.

The cases highlight escalating efforts to combat cybercriminal networks that blend financial extortion with national security risks, particularly when perpetrators align with adversarial states56.

Citations:

  1. https://cyberscoop.com/army-soldier-alleged-cybercriminal-foreign-spies/
  2. https://cyberscoop.com/army-soldier-alleged-cybercriminal-foreign-spies/
  3. https://www.insurancejournal.com/news/national/2025/02/27/813662.htm
  4. https://techcrunch.com/2025/02/19/us-army-soldier-pleads-guilty-to-att-and-verizon-hacks/
  5. https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime
  6. https://www.coloradotech.edu/media/default/CTU/documents/resources/cybercrime-white-paper.pdf
  7. https://www.atlanticcouncil.org/commentary/the-5x5-cybercrime-and-national-security/
  8. https://www.theregister.com/2025/02/20/us_army_snowflake_theft/
  9. https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-cyber-security
  10. https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat
  11. https://www.bankinfosecurity.com/warning-cybercrime-services-underpin-national-security-risk-a-27502
  12. https://www.bloomberg.com/news/articles/2025-02-28/unlikely-trio-linked-to-hack-of-at-t-data-attempt-to-sell-it
  13. https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/
  14. https://news.bloomberglaw.com/us-law-week/us-soldier-linked-to-at-t-hack-accused-of-contacting-spy-agency
  15. https://www.darkreading.com/cyberattacks-data-breaches/us-soldier-arrested-in-verizon-at-t-hack
  16. https://krebsonsecurity.com/2025/02/u-s-soldier-charged-in-att-hack-searched-can-hacking-be-treason/
  17. https://www.darkreading.com/cyber-risk/us-soldier-admits-hacking-15-telecom-carriers
  18. https://www.theregister.com/2025/02/27/army_soldier_accused_of_att/
  19. https://www.hstoday.us/subject-matter-areas/cybersecurity/u-s-army-soldier-linked-to-snowflake-extortion-rampage-admits-breaking-the-law/
  20. https://www.reuters.com/world/us/us-soldier-charged-with-selling-stolen-confidential-phone-records-2024-12-31/
  21. https://www.documentcloud.org/documents/25546053-cameron-john-wagenius-russia/
  22. https://www.bankinfosecurity.com/breach-roundup-us-army-officer-guilty-selling-data-a-27621
  23. https://www.securityweek.com/us-arrests-charges-army-soldier-suspected-of-extorting-att-verizon/
  24. https://www.justice.gov/doj/doj-strategic-plan/objective-24-enhance-cybersecurity-and-fight-cybercrime
  25. https://www.cisa.gov/combatting-cyber-crime
  26. https://www.crowdstrike.com/en-us/cybersecurity-101/threat-intelligence/cyber-espionage/
  27. https://www.shs-conferences.org/articles/shsconf/pdf/2023/26/shsconf_copeji2023_03003.pdf
  28. https://www.cisa.gov/topics/cyber-threats-and-advisories
  29. https://scholarship.law.umn.edu/context/faculty_articles/article/1227/viewcontent/Weissbrodt_22MinnJIntlL347.pdf
  30. https://www.ice.gov/about-ice/hsi/investigate/cybercrime
  31. https://www.darkreading.com/cyberattacks-data-breaches/the-intersection-between-cyberespionage-and-cybercrime
  32. https://www.forbes.com/sites/daveywinder/2025/02/27/google-warns-of-national-security-threat-from-cybercrime-attacks/
  33. https://leppardlaw.com/federal/computer-crimes/evaluating-the-intersection-of-cyber-warfare-and-espionage-in-legal-contexts-in-the-us/
  34. https://www.state.gov/cybercrime/
  35. https://www.intelligence.gov/ic-on-the-record-database/results/40-clear-and-present-danger-cyber-crime-cyber-espionage-cyber-terror-and-cyber-war-video
  36. https://www.yahoo.com/news/us-soldier-linked-t-hack-025843437.html
  37. https://www.404media.co/at-t-hacker-tried-to-sell-stolen-data-to-foreign-government/
  38. https://techcrunch.com/2025/01/18/doj-confirms-arrested-us-army-soldier-is-linked-to-att-and-verizon-hacks/
  39. https://financialpost.com/pmn/business-pmn/us-soldier-linked-to-att-hack-accused-of-contacting-spy-agency
  40. https://www.fbi.gov/investigate/cyber
  41. https://www.cyber-espionage.ch

Read more