Ex US Army Soldier Pleads Guilty To AT&T and Verizon Hacks
Read also: Dutch police dismantled 127 servers of bulletproof hosting Zservers, India busts cybercriminal syndicate, and more.
Thursday, February 20, 2025
US Army soldier behind AT&T and Verizon hacks pleads guilty
Cameron John Wagenius, a former US Army soldier, pleaded guilty to charges of hacking into AT&T’s and Verizon's systems and stealing large amounts of confidential phone records. According to court documents, Wagenius admitted to two counts of the "unlawful transfer of confidential phone records information."
He allegedly shared this stolen data on an online forum and via an online communications platform. Wagenius now faces a maximum fine of $250,000 and up to 10 years in prison for each of the two counts. Wagenius’ arrest and indictment took place last year, and in January, US prosecutors revealed that his case was connected to the broader investigation into cybercriminal activities.
His charges were linked to the indictment of two other hackers, Connor Moucka and John Binns, who are alleged to have carried out major data breaches against the cloud computing services company Snowflake.
These breaches were part of a series of high-profile cyberattacks in 2024, where hackers infiltrated Snowflake's instances and stole sensitive data from various companies, including AT&T, LendingTree, Santander Bank, Ticketmaster, and over 160 others.
Dutch police dismantled 127 servers of bulletproof hosting Zservers
Dutch police seized 127 servers associated with Zservers from a data center in Amsterdam. These servers were linked to Zservers' bulletproof hosting activities, which allowed cybercriminals to operate with anonymity.
Zservers, also known as XHost, catered specifically to cybercriminals, offering bulletproof hosting services that shielded the identities of its users from law enforcement. Notably, major cybercrime gangs such as Conti and LockBit relied on Zservers to host their infrastructure. The service accepted cryptocurrency payments, ensuring further anonymity for its customers.
The effort follows sanctions imposed on Zservers by the US, UK, and Australia last week. The US Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two key players for their roles in managing Zservers. Additionally, the UK has sanctioned Zservers, its staff, and its front company, XHOST Internet Solutions LP.
Dutch police had been investigating Zservers for over a year before executing the raid. The seized servers are currently being analyzed by authorities to gather evidence of cybercriminal activities. However, no arrests have been made as of yet in connection with this operation.
Spanish police block websites involved in pirate video game and IPTV content distribution
The Spanish National Police dismantled a criminal network involved in the illegal distribution of video games and IPTV (Internet Protocol Television) content, resulting in the arrest of three individuals from Cartagena (Murcia), Coria del Río (Sevilla), and Móstoles (Madrid).
The investigation, which began in 2022, uncovered six websites, primarily operating from Cartagena, which were used to offer illegal IPTV subscriptions and video game access. Over 16,000 users subscribed to these services, generating an estimated €1.1 million in revenue for the criminals.
Authorities identified the network’s leader in Cartagena, with two accomplices in Coria del Río and Móstoles. The criminal operation not only profited from illegal content distribution but also laundered its earnings by setting up a cryptocurrency mining farm at the leader's residence. This mining operation generated an additional €6,000 a month and allowed the group to funnel illicit money into virtual currency.
A search at the Cartagena residence of the main suspect revealed €72,000 in cash, cryptocurrency assets, a luxury car, and various high-performance computers used in the operation. The coordinated arrests in Cartagena, Coria del Río, and Móstoles successfully disrupted the network and led to significant material seizures.
India busts cybercriminal syndicate that had been defrauding German nationals since 2021
India’s Central Bureau of Investigation (CBI) has dismantled a sophisticated, transnational cybercrime network responsible for defrauding German nationals since 2021. The action, codenamed ‘Operation Chakra-IV’, was a collaborative effort between the CBI and German authorities, resulting in multiple arrests and seizures.
The suspects allegedly orchestrated a large-scale fraud scheme in which they posed as technical support specialists, gaining unauthorized access to victims' computers and bank accounts. They deceived German victims by claiming their bank accounts had been compromised, manipulating them into transferring about 646,032 euros into cryptocurrency wallets controlled by the criminals.
Between February 14 and February 17, 2025, raids were carried out at six sites in Delhi, Kolkata, and Siliguri. This resulted in the arrest of a key suspect in Siliguri, who is set to appear before a court in New Delhi.
The authorities seized seven mobile phones, a laptop, and various incriminating documents during the operation. Further investigation led to the discovery of an illegal call center operated by the suspects in Darjeeling. The call center was dismantled, and 24 hard drives containing digital evidence of the fraudulent activities were seized.
HashFlare.io operators plead guilty in $577M cryptocurrency fraud scheme
Two Estonian nationals, Sergei Potapenko and Ivan Turõgin, have admitted guilt in a large-scale cryptocurrency fraud case. The pair, initially arrested in November 2022 and extradited to the US in May 2024, were behind a massive cryptocurrency scam that spanned from 2015 to 2019 and defrauded hundreds of thousands of investors worldwide.
Potapenko and Turõgin operated a fraudulent cryptocurrency mining service called HashFlare.io, which they marketed as offering profitable contracts to investors. These contracts promised a share of the cryptocurrency mined through the service. In reality, HashFlare lacked the necessary computing power to fulfill its promises, and the perpetrators fabricated data on the platform to deceive investors into believing they were making profits. Over the course of four years, this scheme accumulated more than $577 million.
Both individuals have pleaded guilty to conspiracy to commit wire fraud, a charge that carries a maximum sentence of 20 years in prison. Their sentencing is scheduled for May 8, 2025.
In a separate case, Austin Michael Taylor, founder of the CluCoin cryptocurrency project, was sentenced to 27 months in prison and ordered to pay restitution and forfeit $1.14 million after pleading guilty to wire fraud in August 2024. Taylor used his social media influence to promote CluCoin's ICO, which promised a charitable focus but later shifted to NFTs, a game, and a metaverse platform. From May to December 2022, Taylor embezzled $1.14 million from investor funds, transferring it to his personal account and using it to gamble online.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.