AT&T employees bribed more than $1M to unlock phones, install malware, DOJ says

The DOJ said the scheme allowed buyers to stop using AT&T as a provider.

August 6, 2019, 11:11 AM

The Department of Justice has unsealed charges against a man who allegedly paid AT&T "insiders" more than a million dollars over five years to unlock more than two million cell phones "fraudulently," allowing buyers to avoid using the company as a provider.

"The object ... was to sell members of the public the resulting ability fraudulently to unlock phones, so that members of the public could stop using AT&T wireless services and therefore deprive AT&T of the stream of payments it was owed under customers' service contracts and installment plans," an indictment unsealed Monday in the Western District of Washington state said.

Between 2013 and 2017, Muhamad Fahd, a 34-year-old from Pakistan, allegedly bribed AT&T employees at a call center in Bothell, Washington, to "use their network credentials and exceed their authorized access to AT&T's computers to submit large numbers of fraudulent and unauthorized unlock requests on behalf of the conspiracy and to install malware and unauthorized hardware on AT&T's systems," according to the indictment.

One employee was allegedly paid $428,500 over the five-year scheme,

Fahd, who was extradited through Hong Kong, is charged with conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act.

DOJ says the scheme cost the company millions and resulted in millions of phones being removed from AT&T service. A phone is usually locked to a carrier, like AT&T, according to Apple; unlocking a phone means disconnecting it from that carrier, after which the phone can be used by anyone.

It is not the same as merely using a passcode to unlock a cellphone.

"We have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments," AT&T said in a statement to ABC News, and a spokesperson added that this incident did not compromise customer information or affect any customers.

PHOTO: The Department of Justice stands in the early hours of March 22, 2019 in Washington, D.C.
Drew Angerer/Getty Images

The AT&T insiders allegedly planted malware on computers that allowed Fahd to log into AT&T's "internal protected computers under false pretenses and to process fraudulent and authorized unlock request," from a remote location, the indictment says.

DOJ alleges that, in addition to the malware, the AT&T employees were also bribed to use their physical access points to install hardwired devices giving Fahd remote access to internal "protected computers," so he could study the company's processes.

Much like the malware, the credentials used to unlock phones belonged to actual AT&T employees, DOJ says.

"This arrest illustrates what can be achieved when the victim of a cyber attack partners quickly and closely with law enforcement," Assistant Attorney General Brian A. Benczkowski of the Justice Department's Criminal Division said in a statement. "When companies that fall prey to malware work with the Department of Justice, no cybercriminal—no matter how sophisticated their scheme—is beyond our reach."

The indictment shows a pattern over the course of those five years: after being caught by AT&T investigators in 2013, the employees who were helping Fahd left the company, but he still recruited more people to conspire with him, DOJ says.

"Fahd ... began programming hardware devices designed to facilitate unauthorized access to AT&T's internal protected network for the purpose of processing authorized unlock requests," the indictment reads.

After "perfecting" the devices, Fahd gave them to the AT&T employees he was bribing, and they plugged them into the internal network "without authorization to facilitate the unlocking of phones."

Fahd instructed employees to get burner phones and emails to communicate with him and to create shell companies to receive payments, the Department of Justice said.

At the same time, DOJ alleges Fahd was working a list of people "who operated businesses that offered unlocking services to customers for a fee."

Fahd would help people who were trying to get out of their AT&T contracts: he would get a phone's IMEI, which is like a serial number, and have the AT&T employees unlock it.

Another man, now deceased, who was responsible for paying the bribes and gathering IMEI numbers, was also charged.