The Department of Justice revealed recently that employees at AT&T accepted bribes to unlock smartphones on the network and to install malware and unauthorized hardware on the company’s network.
The details came about thanks to the DOJ opening a case against 34-year-old Muhammad Fahd and co-conspirator Ghulam Jiwani, who is believed to be dead.
The pair were charged with paying over $1 million in bribes to AT&T employees at the AT&T Mobility Customer Care Call Center in Bothell, Washington.
The scheme allegedly ran between April 2012 and September 2017. The two men initially bribed employees to unlock iPhones so that they would work outside of the AT&T network. They would recruit employees by approaching them privately through Facebook or by calling them. Employees who agreed to their terms were provided with IMEI phone codes.
Employees would receive the bribes in deposits to their bank accounts, through shell companies the pair created, or directly as a cash payment. This initial stage lasted for around a year. It came to an end in April 2013 when several employees either left AT&T willingly or were fired/fined.
This is when the plans changed, and Fahd started bribing employees to install malware on the network at the Bothell call center instead. The malware collected information on the AT&T infrastructure between April and October 2013.
According to unsealed court documents, the malware was a type of keylogger. The malware was able to gather confidential and proprietary information about the structure and functioning of the internal applications and computers of AT&T.
The Department of Justice said that Fahd would also create a second piece of malware. This malware used the information gathered by the first. It used the credentials of AT&T employees to perform automated actions on internal applications to unlock AT&T phones for Fahd without the need to contact an actual employee.
Fahd ran into problems in November 2014, which is when – according to the DOJ – he started bribing employees to install rogue wireless access points in the call center. The access points helped Fahd to maintain his access to the internal apps and network at AT&T to continue unlocking phones.
The DOJ alleges the pair paid over $1 million in bribes to AT&T employees. They were able to unlock approximately two million phones, the majority of which were expensive iPhones. Investigators say that one employee received more than $428,500 in bribes across a five-year period.
The pair ran three companies: Endless Connections Inc., Endless Trading FZE, and iDevelopment. The three companies were all fronts for the website SwiftUnlocks, which allows users to unlock iPhones from their carrier network.
AT&T sued three employees back in 2015 for installing malware on its network, after investigating activity at the Bothell call center when it noticed an unusual number of phones being unlocked in October 2013. This was supposedly caused by the second strain of malware. The DOJ began an official investigation when AT&T filed its lawsuit.
Fahd was caught and arrested in Hong Kong last February. He was later extradited to the United States last week on August 2nd. He is facing a plethora of charges that could see him spending up to 20 years in jail.
AT&T estimates that the phone unlocking scheme cost them over $5 million per year in lost revenue.