Armed Forces Member Charged with Illegally Hacking Verizon and AT&T Confesses Guilt
In 2024, former U.S. Army soldier Cameron John Wagenius found himself in hot water for his part in a significant cyberattack that impacted telecommunications giants AT&T and Verizon, as well as over 160 other companies. According to TechCrunch, Wagenius pleaded guilty to unlawfully transferring confidential phone records, earning himself a hefty fine and the possibility of up to 10 years in prison for each charge.
Wagenius' involvement in the hack emerged after he was indicted last year for allegedly playing a role in breaching the two major wireless carriers. The breach allowed the hacker to access "nearly all" of AT&T's customers' phone records, including call and text histories, over a six-month period in 2022. This breach affected over 110 million individuals, with Verizon reporting a significant collection of customer call logs being stolen as well.
Research suggests that these hacks are linked to Snowflake, a cloud services and data analytics provider. The hackers are believed to have gained access to AT&T, Verizon, and numerous other companies' data through unprotected accounts connected to Snowflake customer accounts. Two other individuals, Connor Moucka and John Binns, were also indicted for their role in the Snowflake hack.
Moucka, a resident of Canada, and Binns, an American residing in Turkey, openly discussed their roles in the hack to various media outlets. Investigators, such as Brian Krebs, tracked down Wagenius using forum posts and online activity, uncovering his identity behind the scenes.
Enriching the article with supplementary insights, the hack on Snowflake involved exploiting compromised credentials of an employee account. Using automated scripts and brute-force attacks, the hackers gained access to sensitive customer databases, leading to the theft of highly sensitive data, including PII, transaction histories, and internal communications. This breach not only impacted Snowflake's customers but also exposed valuable business intelligence and created compliance risks for those affected.
The breach resulted in the theft of data from numerous other high-profile companies, including Ticketmaster and Santander Bank. The attackers used stolen credentials and weak API keys to gain unauthorized access to sensitive customer databases. The investigation remains ongoing, with Wagenius held in custody in Washington state, and the U.S. Department of Justice exploring further connections between the individuals implicated in the hack.
As a result of the breach, both AT&T and Verizon have faced consequences, including having to notify affected individuals and regulators of the breach. The incident underscores the importance of robust cybersecurity measures, such as timely patch management, network segmentation, and strong API security, to prevent similar breaches in the future.
Wagenius' involvement in the theft of confidential data led to significant fines and the possibility of imprisonment from tech giant Verizon. The future of tech security is under scrutiny after billions of privacy records were compromised in the hack. The hackers exploited unprotected accounts on Snowflake, a tech company providing cloud services and data analytics, to execute the breach. Despite the ongoing investigation, several high-profile companies like Ticketmaster and Santander Bank have also faced data theft.
