The Case of Kiberphant0m: Hacking, AT&T, and a Military Diet of Chaos

Let’s start by saying this: If you’re going to moonlight as a cybercriminal while serving in the military, perhaps don’t post your escapades on Telegram under a handle that sounds like a rejected Marvel villain. And certainly don’t threaten the NSA with something as bold as leaking call logs of, say, the President of the United States. But then again, here we are.

Cameron John Wagenius—known online as Kiberphant0m, which sounds like a bad Wi-Fi password—has managed to do the impossible. No, not stealing sensitive records from AT&T and Verizon (though he did that too), but breaking the speed record for self-incrimination. When the FBI arrested him, it was less a “gotcha” and more of a “thanks for leaving us this helpful trail of breadcrumbs.”

Army by Day, Cybercriminal by Night

Wagenius, a 20-year-old communications specialist in the U.S. Army, was stationed in South Korea until recently. You’d think someone with a job handling radio signals and network communications might use that expertise to, I don’t know, help secure systems rather than pilfer customer call logs. But ambition is a funny thing.

Back in the States, stationed at Fort Hood, he was arrested on charges of selling sensitive telecom data. His indictment doesn’t mention specific victims or even hacking methods—just a vague accusation that could’ve been written on the back of a napkin. Luckily, his mom, Minnesota native Alicia Roen, stepped up to provide context: “I never knew he was into hacking. It was definitely a shock.”

Shock? Maybe. But let’s rewind to her description of young Cameron and his brother asking for MREs from foreign countries like a pair of six-year-old gourmands. Kids that start with foreign rations don’t usually end up working at the local bank. They’re either building spacecrafts or hacking AT&T call logs by their teens. There’s no middle ground.

A Cybercriminal’s Odd Choices

Kiberphant0m didn’t just steal call logs—he turned them into a bizarre manifesto of cyber-chaos. Posting on BreachForums, he claimed responsibility for hacking 15 telecom firms, leaked data schemas from the NSA, and even offered SIM-swapping services targeting first responders. Somewhere in the middle of this, he decided it was a great idea to threaten AT&T by dangling government call logs. It’s unclear whether this was meant to intimidate, amuse, or just showcase his flair for the dramatic.

It’s hard to overstate how bad an idea this was. Not only was he threatening the federal government while being a part of it (military enlistment is a curious alibi), but he was also antagonizing people whose literal job is to find people like him. Cybersecurity specialist Allison Nixon noted this irony: “Harassing people who specialize in de-anonymizing cybercriminals is a bad idea. You might as well send them a thank-you card.”

Where Did It All Go Wrong?

From his mother’s perspective, it’s hard to pinpoint exactly when things started unraveling. “He always wanted to be in the Army,” she lamented. Well, mission accomplished there, at least in a very technical sense. But the slide from obedient soldier to cyber-mercenary with a penchant for threats and Telegram posts is still a mystery.

Perhaps the most entertaining moment in all this is Kiberphant0m’s claim of having a “botnet” for launching DDoS attacks. For the uninitiated, a botnet is essentially a swarm of hacked devices you control to wreak havoc online. Imagine being a soldier stationed overseas, tasked with defending national security, while also running a digital army of malware-infested Roombas and Amazon Alexas.

Lessons for the Aspiring Cybercriminal

Let’s be clear: cybercrime is not the lucrative, cool-as-a-hacker-movie pursuit some might think it is. The only guarantee is that you’ll make a series of dumb mistakes, alienate your family, and eventually end up in federal court with a two-page indictment that barely dignifies your exploits.

As Allison Nixon wisely put it: “Stop doing stupid shit and get a lawyer.” She’s right, of course. But perhaps we could also add: maybe don’t extort the NSA while wearing your Army uniform.

The Final Chapter?

Wagenius’ case has now been transferred to Seattle, where the U.S. District Court for the Western District of Washington will decide his fate. If convicted, he’ll have plenty of time to reflect on the choices that led him here. Maybe he’ll even have a chance to brainstorm a new username—one that isn’t an instant giveaway.

In the meantime, the rest of us are left to marvel at a story that combines the dark world of cybercrime with the absurdity of human folly. And if nothing else, let it serve as a reminder: if you’re going to play the game, at least read the rules. Or better yet, maybe just stick to the MREs.