AT&T employees unlocked millions of mobile phones to plant malware and remove the phones from the provider’s network — all for thousands of dollars in bribes.
The details were revealed after the US Department of Justice (DoJ) opened a case against Muhammad Fahd, who has been accused of running a fraudulent operation to disable AT&T’s proprietary software that safeguards phones from being unlocked.
The ultimate objective, the DoJ’s indictment reveals, was to sell the illegal software to the public, so that they could switch to a different network of their choice and deprive AT&T of the payments owed as per the contract terms.
According to court documents, Fahd is said to have paid off employees to identify “other employees who could be bribed and convinced to join the scheme.”
Fahd, a 34-year-old Pakistani citizen, and his coconspirator Ghulam Jiwani — now believed deceased — allegedly paid one employee $428,500 over a period of five years between 2012 and 2017.
From phone unlocking to malware
The operation, in its initial stages, involved the two men approaching AT&T employees through telephone or Facebook messages. Those who agreed to their demands received batches of international mobile equipment identity (IMEI) numbers, which they unlocked in return for money.
But when most of the insiders helping Fahd were fired by the company in 2013, the duo switched their modus operandi to bribe employees to install malware on AT&T’s network at the Bothell call center.
Based on court documents, it appears that they installed a keylogger to gather confidential information regarding the structure and functioning of AT&T’s internal applications.
Armed with this knowledge, Fahd and his coconspirator created a second malware that allowed them to “process fraudulent and unauthorized unlock requests” from remote servers, effectively making it possible to unlock the phones remotely without any human intervention.
This also involved the installation of snooping hardware, malicious routers and rogue Wi-Fi access points so that they could gain further entry to the company’s computer systems.
The impact
In total, Fahd and his partner paid over $1 million to AT&T employees to unlock more than two million phones in this manner.
The DoJ said they operated three companies named Endless Trading FZE, Endless Connections Inc., and iDevelopment Co. But it isn’t immediately clear if their intent was to run an illegal phone unlocking enterprise.
The fraudulent scheme, for its part, is estimated to have cost the cellular provider millions of dollars in lost revenue, as the phones were removed from its network, allowing customers to switch to any carrier.
Fahd was arrested in Hong Kong in February 2018, and extradited to the US on August 2, last week.
While the investigation is still in progress, Fahd faces up to 20 years in prison if found guilty of the charges, which include several counts of wire fraud and conspiracy to violate the Computer Fraud and Abuse Act. The charges against Jiwani have been dropped as a result of his death.