AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the department of Justice said yesterday.
These details come from a DOJ pillowcase opened against Muhammad Fahd, a 34-year-old man from Pakistan, and his co-conspirator, Ghulam Jiwani, believed to be deceased.
The DOJ charged the two with paying more than $1 million in bribes to several AT&T employees at the company's Mobility Customer care call middle in Bothell, Washington.
OPERATING SINCE 2012
The bribery intrigue lasted from at least April 2012 until september 2017. Initially, the two Pakistani men bribed AT&T employees to unlock expensive iPhones so they could be used outside AT&T's network.
The two recruited AT&T employees by approaching them in private via telephone or Facebook messages. Employees who agreed, received lists of IMEI phone codes which they had to unlock for sums of money.
Employees would then find bribes in their bank accounts, in shell companies they created, or as cash, from the two Pakistani men.
This initial stage of the intrigue last for about a year, until april 2013, when several employees left or were fired by AT&T.
THE MALWARE STAGE
That's when Fahd changed tactics and bribed AT&T employees to instal malware on AT&T's network at the Bothell phone center. Between April and october 2013, this initial malware collected data on how AT&T infrastructure worked.
According to court documents unsealed yesterday, this malware appears to be a keylogger, having the ability to pucker confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications.
The DOJ said Fahd and his co-conspirator then created a endorsement malware strain that leveraged the information acquired through the first. This endorse malware used AT&T employee credentials to perform automated actions on AT&T's internal covering to unlock phone's at Fahd's behest, without needing to interact with AT&T employees every time.
In november 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell phone center. These devices helped Fahd with gaining access to AT&T internal apps and network, and keep the rogue phone unlocking scheme.
ONE AT&T EMPLOYEE MADE $428,500
The DOJ claims Fahd and Jiwani paid more than $1 million in bribes to AT&T employees, and successfully unlocked more than two million devices, most of which were expensive iPhones. i AT&T employee received more than $428,500 in bribes over a five year period, investigators said.
The DOJ said the two operated iii companies named Endless Trading FZE, Endless Connections Inc., and iDevelopment. The DOJ didn't say if Fahd and Jiwani were unlocking stolen devices, or running a unauthorized phone unlocking website. For some email communications, Fahd used the email@example.com address, suggesting the latter scenario.
Fahd was arrested in Hong Kong in February 2018, and extradited to the US on August 2, last week. He now faces a litany of charges that may send him behind bars for up to 20 years.
AT&T estimated it lost revenue of more than $5 million/year from Fahd's phone unlocking scheme.
We make been working closely with law enforcement since this intrigue was uncovered to land these criminals to justice and are pleased with these developments, an AT&T interpreter told ZDNet. The company said this incident did not involve access to customers' personal data.