A former U.S. Army soldier who hacked into AT&T and other telecom providers and extorted them over stolen data has pleaded guilty.

https://www.justice.gov/opa/pr/former-us-soldier-pleads-guilty-hacking-and-extortion-scheme-involving-telecommunications

21-y/o Cameron John Wagenius, who went by the nickname "Kiberphant0m," was arrested last year after a collaborative effort between security researchers and law enforcement helped identify him and his two co-conspirators in real life. Some of that discovery process was described in a front-page WSJ story last year, but there were a LOT of people involved in finding these guys. The DOJ press release credits Flashpoint and Unit 221B.

https://www.wsj.com/tech/cybersecurity/hacking-brian-krebs-snowflake-waifu-49b87fce?gaa_at=eafs&gaa_n=ASWzDAjeblCmO8OxOqX1B391KhkwMORjzYAAW4-Yd0qVCP2mDjNZs92o9jYEfE0xNe0%3D&gaa_ts=6877cf95&gaa_sig=4evbq_UDMdzLpsu6MuWV6YU0izSEB62WwY4TI5nzSa3OPMYkJ0oRjhj2AZjf9s1ZZSQJvmPexbXLvjRBwdLImg%3D%3D

At the end of November 2024, I published findings that Kiberphant0m was likely a U.S. Army soldier stationed in South Korea. At the time, he was still trying to extort money from victims, and telling me he'd never get caught.

https://krebsonsecurity.com/2024/11/hacker-in-snowflake-extortions-may-be-a-u-s-soldier/

A little over a month later, Wagenius was arrested in Texas.

https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/

Oddly enough, Wagenius has been calling me quite a bit from federal prison, sometimes just to shoot the breeze apparently. He was convinced for many months that the initial guilty plea he accepted would preclude the government from piling on more charges, but they did anyway. He pleaded guilty to those, too. I never once got the impression that he was at all concerned he would be sent away for more than a few months.

TIL https://github.com/OWASP/cwe-tool (e.g. `$ npx cwe-tool --id 22`)

Turns ugly CWE XML to usable JSON

I just posted the slides from my "What's my job again?" talk that I delivered at Tampa BSides in May.

This talk covered what security jobs there are to be done in an organization (we found 73 so far across security, technology, and business teams).

This talk is based on an upcoming standard from The Open Group that defines security roles, security accountabilities on business and technology teams, and what happens if any of those 'jobs to be done' isn't being done.

These roles span the Board of Directors and CEO all the way through SOC analysts and threat hunters, IT/OT engineers and operations, CIOs, CISOs, lawyers, finance, business managers, and more.

Share and enjoy!

https://www.slideshare.net/slideshow/what-s-my-job-again-slides-from-mark-simos-talk-at-2025-tampa-bsides/281214751

I gave some career advice for security practitioners at a recent talk at BSides Tampa and thought I would share this one. (I will post link to full recording when available)

◾ Always focus on outcomes - In cybersecurity, 'how' we do our jobs is complex with a lot of details that can be distracting (especially for the neurodiverse brains among us). Despite these distractions, its critical to keep focus on outcome because what people pay you for is measured by your outcomes. What did you do that enabled your boss and their bosses to get something that they care about? (stopping/finding attackers, convincing another group to make a change, etc.) The value you have to an organization (and to your boss) is what you get done. Everyone always appreciates someone gets s--t done.

◾ Be a team player - Nothing you have or can accomplish is ever done solely by you and you alone. You always learned something from someone else (even if it is just an anonymous author of a technical manual). You always need the expertise, connections/visibility, credentials, etc. of teammates and colleagues to get inspiration and to execute on stuff. Nobody wants a grand standing a-hole on their team, no matter how talented they may be. Even if someone is talented enough that people to put up with that a-hole for a little while, people will be happy to replace them with another talented person (or a team of people) that works well together.

◾ Continuously adapt - You have to adapt to constant change because everything is always changing-- technology, business model, the people around you and their priorities, security threats, security technology, and more. Always always always be ready to adapt to whatever comes along. Every change can be a benefit or a challenge or both, every tool can be a weapon and every weapon and be a tool.

◾ Always tell your own story - you really need to tell the story of your victories. Never brag that you’re better than other people, but always make sure that people (especially your boss) knows what your accomplishments are (and how it can help them). Make sure to talk about the 'silent ones' that people would normally/naturally miss. If the script you wrote is still saving the company $##,000 per X, occasionally mention this in addition to the "what have you done for me lately“ recent outcomes.

YES

Stop trying to fix the user. It’s not the user’s fault if they click on a link and it infects their system. It’s not their fault if they plug in a strange USB drive or ignore a warning message that they can’t understand. It’s not even their fault if they get fooled by a look-alike bank website and lose their money. The problem is that we’ve designed these systems to be so insecure that regular, nontechnical people can’t use them with confidence. We’re using security awareness campaigns to cover up bad system design. Or, as security researcher Angela Sasse first said in 1999: “Users are not the enemy.”

https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html

Voigt-Kampff for DPRK plants.

https://www.zmescience.com/science/news-science/north-korean-job-fraud-missile-funding/