
Pakistani Man Bribed AT&T Employees to Unlock Phones, Plant Malware

A Pakistani national has been charged by U.S. authorities for his role in a scheme that involved bribing employees of telecommunications giant AT&T to help unlock phones and plant malware on the company’s network.

The suspect, Muhammad Fahd, 34, was arrested in Hong Kong in February 2018 and extradited to the United States on August 2, 2019.

According to the Justice Department, Fahd led a conspiracy that involved bribing AT&T employees working at a call center in Bothell, Washington, to get them to unlock cell phones associated with specified international mobile equipment identity (IMEI) numbers.

Mobile carriers often sell phones at a discounted price, but require the buyer to stay on their network. However, these devices can be unlocked based on their IMEI number.

The man allegedly paid bribes totaling roughly $1 million — $428,000 was paid to a single insider over a five-year period — to have over 2 million devices fraudulently unlocked.

AT&T employees were also paid to plant malware and hardware on AT&T’s network that would allow Fahd to unlock phones remotely.

“Muhammad Fahd sent the insiders multiple versions of the unlocking malware to test and perfect the malware on behalf of the conspiracy,” reads an indictment unsealed on Monday. “Once the malware was perfected, Muhammad Fahd instructed the insiders to plant the unlocking malware on AT&T’s internal protected computers and to run the unlocking malware while they were at work. The unlocking malware used valid AT&T network credentials that belonged to co-conspirators and others, without authorization, to interact with AT&T’s internal protected computer network and process automated unauthorized unlock requests submitted from an external server.”

Investigators believe the scheme started in 2012 and ran until 2017, despite the fact that AT&T discovered the malware and identified several insiders in October 2013. While those insiders left the company following AT&T’s investigation, Fahd recruited new people the next year.

The suspect is said to have contacted the insiders by phone or Facebook, and instructed them to get pre-paid phones and anonymous email accounts for communications. He also instructed them to create shell companies for receiving payments.

The indictment names both Fahd and Ghulam Jiwani, who authorities say is now deceased.

Fahd has been charged with conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, wire fraud, accessing a protected computer in furtherance of fraud, intentional damage to a protected computer, and violating the Travel Act. He faces up to 20 years in prison.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.