Hacker threatens to release Donald Trump, Kamala Harris’ personal mobile phone numbers in AT&T extortion bid

WORLD EXCLUSIVE

A hacker is threatening to release the private call logs of United States President-elect Donald Trump and Vice President Kamala Harris if one of the world’s largest telecommunications companies does not comply with their demands.

The cybercriminal, who uses the handle kiberphant0m, posted a sample of Harris’ stolen call records to a private hacking forum on November 5 alongside a slightly garbled demand to American telecommunications company AT&T.

“TRUMP and Vice President of the United States CALL LOGS -- OFFICIAL WARNING TO ATNT,” the post says.

“If you do (not) contact me or Reddington by Sunday, consider all of the Data to be leaked. You have until Sunday to contact me or Reddinton. In the event you do not reach out to us @ATNT all presidential government call logs will be leaked. You don’t think we don’t have plans in the event of an arrest? Think again.

“I’d highly advise you to contact us.”

Kiberphant0m instructed AT&T to contact them via encrypted messaging platform Telegram or private message on the forum.

“Have fun with the media coverage, shouldn’t (have) dragged it on,” they added.

Kiberphant0m followed up his demand with #FREEWAIFU typed five times.

Waifu is one of the hacker handles of Alexander “Connor” Moucka, who was arrested in Canada last week and is facing extradition to the US after extorting some of the world’s largest corporations earlier this year.

The post by Kiberphant0m, obtained by The Nightly, also includes a link to download a zip folder of Trump and Harris’ call logs. However, the link no longer works.

He posted a similar demand in his Telegram group.

The Nightly has chosen not to publish the call logs because they contain personal phone numbers but a sample of Harris’ phone records from 2022 includes calls to her pastor, civil rights leader Amos C. Brown, and her campaign co-chair Cedric Richmond.

The Nightly called Mr Richmond on the number revealed in the call logs, and briefly spoke with him, indicating the phone records are genuine.

“I’m in New Orleans,” he said.

“I’m not doing any TV or talking about the presidential race today.

“If you call me tomorrow, I might entertain it, but not today.”

AT&T’s director of corporate communications Jim Kimberly immediately responded to questions from The Nightly by saying “We are not commenting”.

AT&T was one of the corporations targeted by hackers in the Snowflake data breach earlier this year.

Snowflake is a data warehousing tool where companies store massive amounts of information.

AT&T learned in April that its customer data had been illegally downloaded from its workspace on the third-party cloud platform.

The telco revealed that the compromised data included files containing records of calls and texts of nearly all of its cellular customers, customers of mobile virtual network operators using its wireless network, as well as its landline customers who interacted with those cellular numbers between May 1, 2022 and October 31, 2022.

“The compromised data also includes records from January 2, 2023, for a very small number of customers,” the company confirmed.

The US Department of Justice, Mr Trump’s office and Ms Harris have not responded to requests for comment.

The Nightly has reached out to kiberphant0m but he is yet to respond.

Meanwhile his associate, Mr Moucka, is in a Canadian jail and facing extradition to the US.

The 26-year-old software engineer is suspected of committing a string of breaches involving Snowflake.

Over a number of months, more than 165 Snowflake customers — including AT&T, Santander bank, Ticketmaster owner Live Nation Entertainment, Ticketek owner TEG, Lending Tree, Advance Auto Parts and Neiman Marcus — had their data exposed or stolen.

The hack was one of the biggest in history due to the scale of personal data stolen in the breaches.

Notorious cybercrime group ShinyHunters – which Mr Moucka is alleged to be a part of – claimed to have stolen the personal data of 560 million Ticketmaster customers alone.

The Ticketmaster and Ticketek breaches affected millions of Australians who had their personal data stolen and published online.

After stealing the data, Mr Moucka — who used online handles including Judische and Waifu — allegedly tried to extort the companies he had breached by threatening that if ransoms were not paid, the stolen personal data would be posted online.

Some companies, including AT&T, paid hackers to delete their stolen records.

Since then a months-long international investigation involving cybersecurity researchers and international law enforcement, including the Australian Federal Police, identified Moucka as the suspected Snowflake hacker and traced him to Kitchener, Ontario, where he was arrested on October 30.

On Wednesday Mr Moucka faced an extradition hearing in Ontario’s Superior Court of Justice where he appeared remotely via an audio link from prison.

Mr Moucka told the court he did not yet have a lawyer but “I’ll get one soon I think”, according to 404 Media.

The court then heard Mr Moucka would have to apply for legal aid.

The AFP said it was “aware of this matter” in relation to Mr Moucka’s arrest but “has no comment”.