To the casual observer, cybercriminals can look like swashbuckling geniuses.
They possess technical skills formidable enough to penetrate the networks of the biggest companies on the planet.
They cover their tracks using technology that is arcane to most people—VPNs, encrypted chat apps, onion routing, aliases in dark web forums.
They talk trash, extorting corporate ransoms in cryptocurrency, and they aim high, not flinching even at the prospect of stealing data on US presidential candidates.
But when they're caught, cybercriminals can look less like swashbuckling geniuses and more like judgment-impaired morons.
It's incredible how many of these guys will simply write down all the bad stuff they plan to do. (Haven't they heard of the "Stringer Bell rule"?) They might do so in cocky chats with co-conspirators. They might shoot off emails to addresses that—they believe—belong to foreign intelligence agencies.
If none of that is dumb enough, they might just search up their own criminal plans.
Or they might do all three. Which brings us to Cameron John Wagenius.
The genius
Wagenius was an active-duty US soldier stationed at bases in South Korea and Texas. In 2024, he helped hack telecom companies and obtained call record data on Donald Trump and Kamala Harris, which he posted in November under the "kiberphant0m" name.
He also tried to extort the telecoms he hacked, promising to release more data if they didn't pay him a ransom. In one note to a major telecom, Wagenius asked for $500,000 and added:
Lets start off, a little thing you should know about me. I get what I want and when I don't get what I want in my own timeframes that I set I will do what I say. I don't care if I don't receive the money involved in the extortions. I already made your samples and data on [REDACTED] available to everybody on breachforums. I will leak much much much more, literally all of it.
But Wagenius, who is now 21, wasn't nearly as sneaky as he seemed to believe; the US government targeted him within weeks and seized his devices on December 4. On December 6, Wagenius' commanding officer at Fort Cavazos gave a verbal order forbidding Wagenius from "using or purchasing any technology such as laptops, tablets, cell phones, etc." Wagenius said that he understood the order.
The next day, December 7, he... bought himself a new laptop, installed a VPN, and hopped right back online. Wagenius evaded scrutiny only until December 12, when the new laptop was also seized under orders from a military magistrate judge.
On December 20, Wagenius was arrested and charged with several federal crimes, and the feds have since resisted his efforts to get free on bail while his case progressed. (Due, in part, to the laptop episode mentioned above.)
Last week, Wagenius pleaded guilty to several of the charges against him. The documents in his case reveal someone with real technical skills but without a more general sense of opsec. The hacked call logs, for instance, were found right on Wagenius' devices. But it was all the ways he kept saying explicitly what he was up to that really stood out to me.
For instance, there were numerous explicit Telegram chats with conspirators, along with public posts on boards like BreachForums and XSS. (In related news, the alleged admin of XSS was arrested yesterday in Ukraine.) In one representative chat with a "potential co-conspirator," Wagenius outlined his various schemes in October 2024:
whats funny is that if i ever get found out
i cant get instantly arrested
because military law
which gives me time to go AWOL
(Narrator voice: "Military law did not give him time to go AWOL.")
Then there were the emails in November 2024, all of them sent to "an e-mail address [Wagenius] believed belonged to Country-1's military intelligence service in an attempt to sell stolen information." These were all traced back to Wagenius and later used as evidence that he should not be released on bail.
Finally, there were his online searches. The government includes "just a subset" of these from 2024, including:
- "can hacking be treason"
- "where can i defect the u.s government military which country will not hand me over"
- "U.S. military personnel defecting to Russia"
- "Embassy of Russia – Washington, D.C."
None of this shows impressive data/device security or even much forethought; the only real plan seems to have been: "Don't get caught." Once Wagenius' devices were seized and searched, the jig was up.
Allison Nixon is chief research officer at the investigative firm Unit 221B. She helped expose Wagenius' identity, and in an article last year for Krebs on Security, she shared a message to young men like Wagenius who "think they can’t be found and arrested."
"You need to stop doing stupid shit and get a lawyer," she said.