Millions of devices have been unlocked without authorization after several AT&T employees took bribes to install malware and malicious hardware in the company’s main network, the Justice Department said.
The man who allegedly paid AT&T employees in secret to sneak the malicious tools into the telecom company’s data infrastructure is Muhammad Fahd, a 34-year-old from Pakistan. He is believed to have had a co-conspirator, Ghulam Jiwani, who has since died.
Court documents unsealed yesterday revealed that Muhammad Fahd and Ghulam Jiwani paid at least $1 million in bribes to several AT&T employees at the company’s Mobility Customer Care call center in Bothell, Washington. The bribery was said to have taken place between April 2012 and September 2017.
The iPhone unlocking scheme
The least concerning part of the duo’s scheme is how it began: bribing AT&T employees to unlock iPhones that were service-locked to the company so that they could be used outside AT&T with other service providers.
AT&T makes iPhones affordable to its customers by offering a phone-plus-service plan in which it subsidizes the cost of the phone for its subscribers. It also offers customers interest-free installment plans. As part of the service contract, the customer agrees to stay locked to AT&T’s service for a long period of time, until the contract expires and the phone is automatically “unlocked.”
A phone locked to AT&T works only with AT&T as its service provider; it will not work when SIM cards of other telecom providers are used.
To bypass this unlocking process, which requires the user to complete the duration of the contract, the suspects allegedly paid employees in the company’s Mobility Customer Care call centers to unlock certain phones illegally. The court document reveals that the suspects would then resell the unlocked phones, which cut off the revenue stream for AT&T.
Aside from selling unlocked phones, the duo is also alleged to have sold an unlocking service, in which phone owners paid Fahd a certain amount to get their iPhones unlocked from AT&T.
Planting malware and smuggling unauthorized hardware
In order to do this, the court document says, Fahd and his co-conspirator also bribed AT&T employees to install malicious code on AT&T’s servers and to smuggle in unauthorized hardware to facilitate their illicit activities.
AT&T said that the suspect, with the help of AT&T employees, whom it referred to as “insiders,” installed malware on the telecom company’s system “for the purpose of gathering confidential and proprietary information on how AT&T’s computer network and software applications functioned.”
Furthermore, the suspects used the information gathered through the first malware to plant a second piece of malware that enabled them to unlock iPhones remotely from outside the United States.
The malware used by the suspects was said to use actual authorization credentials from real AT&T employees, proving that they did indeed have a deal with some rogue workers in the company. The suspects used these credentials to log in and submit fraudulent requests under “false pretenses.”
Physical hardware, including wireless access points, was also smuggled into the workspaces of their “insiders,” who were bribed with money. The suspects used the unauthorized hardware to get into AT&T’s systems and carry out their crimes.
The Justice Department said that the suspects paid more than $1 million to different AT&T employees to carry out the scheme, with one employee receiving more than $428,500 in bribes over a five-year period.
The duo made the payments under the names of businesses they operated, such as Endless Trading FZE, Endless Connections Inc., and iDevelopment, the investigators said.
The suspect was arrested in Hong Kong in February 2018 and extradited to the US last week, on August 2. He now faces a series of cases filed against him and could potentially be sent to prison for more than 20 years.
“We have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments,” an AT&T spokesperson said.