American soldiers were arrested for the threat of data leakage to AT&T and Verizon.

American soldiers were arrested for allegedly forcing customers to pay AT&T and Verizon. This happened after a large data breach event where customer data leaked.

A 20-year-old man was arrested near the Fort Hood military base in Texas. He is suspected to be a known cybercriminal named "Kiberphant0m". His mother's statement may not be helpful.

The indictment does not cite specific examples, but security expert Krebs linked the arrest to the hack of AT&T and Verizon mainly due to statements from the defendant's mother.

A 20-year-old soldier belonging to the US military was publicly announced to have confessed to buying stolen sensitive customer call records from AT&T and Verizon, which were leaked data. He is suspected to be Kiberphant0m. Cameron John Wagenius, who was arrested on December 20 after receiving an acquittal, has been charged with two criminal cases for illegally transferring secret telephone records.

Sparsely detailed (PDF) notes do not refer to specific victims or hacking activities and also do not include personal details about the defendant. However, part that was missing was filled by talking to Wagenius's mother.

Lone acknowledged that her son had a relationship with Connor Riley Mowatta (also known as "Udeshi") before he was arrested. He stole data from Snowflake Cloud Service in the latter half of October and threatened businesses, resulting in attacks on dozens of companies. He was arrested for it.

Site Brian Clive identified Kiberphant0m as an American soldier serving in Korea based on evidence from chat logs.

Muokha was arrested in November and charged with 20 offenses. According to the report, Muokha was mainly the hacker, and Wagenius's main role was to gain money from the data.

"Massive Data Leak at AT&T"

"It seems that one of the listeners is involved in a part of the request related to a major data leak at AT&T. This leak resulted in nearly all personal information of customers held by the mobile phone company being obtained."

The shocking security failure resulted in stolen data containing not only customer phone numbers but also records of who contacted whom, which could be dangerous for privacy. The situation worsened when the hacker was able to obtain some call and text message site identification numbers. This could allow for the location of some customers to be determined with a precision of about 300 feet (about 91 meters) in certain areas.

AT&T paid a ransom of $373,000 in Bitcoin after deleting the data.

Career claims that the data was obtained from a third-party cloud platform. This is currently believed to be Snowflake. Snowflake also obtains data from other companies. It includes the acquisition of personal information of 560M TickMaster customers.

Wired provides evidence showing that AT&T paid the hacker for deleting the data. The hacker initially demanded $1 million in Bitcoin, but the amount actually paid was approximately $37.3k.

Verizon Call Records

The other requests seem to be related to Verizon's call records.

Kiberphant0m provided stolen call records from Verizon's push-to-talk (PTT) customers (mainly US government agencies and emergency first responders) on November 5. On November 9, Kiberphant0m posted a thread for selling the "SIM swapping" service on BreachForums. SIM swapping involves using fake or stolen credentials from mobile phone company employees to redirect target customers' calls and text messages to devices they control.

The indictment against Wagenius was transferred to the Western District Court in Seattle, USA.

Photo by Levi Meir Clancy on Unsplash