Pakistani Man Bribed AT&T Employees to Unlock Phones, Plant Malware

A Pakistani national has been charged by U.S. authorities for his role in a scheme that involved bribing employees of telecommunications giant AT&T to help unlock phones and plant malware on the company’s network.

The suspect, Muhammad Fahd, 34, was arrested in Hong Kong in February 2018 and was extradited to the United States on August 2, 2019.

According to the Justice Department, Fahd led a conspiracy that involved bribing AT&T employees working at a call center in Bothell, Washington, to get them to unlock cell phones associated with specified international mobile equipment identity (IMEI) numbers.

Mobile carriers often sell phones at a discounted price, but require the buyer to stay on their network. However, these devices can be unlocked based on their IMEI number.

The man allegedly paid bribes totaling roughly $1 million — $428,000 was paid to a single insider over a five-year period — to have over 2 million devices fraudulently unlocked.

AT&T employees were also paid to plant malware and hardware on AT&T’s network that would allow Fahd to unlock phones remotely.

“Muhammad Fahd sent the insiders multiple versions of the unlocking malware to test and perfect the malware on behalf of the conspiracy,” reads an indictment unsealed on Monday. “Once the malware was perfected, Muhammad Fahd instructed the insiders to plant the unlocking malware on AT&T’s internal protected computers and to run the unlocking malware while they were at work. The unlocking malware used valid AT&T network credentials that belonged to co-conspirators and others, without authorization, to interact with AT&T’s internal protected computer network and process automated unauthorized unlock requests submitted from an external server.”

Investigators believe the scheme started in 2012 and ran until 2017, despite the fact that AT&T discovered the malware and identified several insiders in October 2013. While those insiders left the company following AT&T’s investigation, Fahd recruited new people the next year.

The suspect is said to have contacted the insiders by phone or Facebook, and instructed them to get pre-paid phones and anonymous email accounts for communications. He also instructed them to create shell companies for receiving payments.

The indictment names both Fahd and Ghulam Jiwani, who authorities say is now deceased.

Fahd has been charged with conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, wire fraud, accessing a protected computer in furtherance of fraud, intentional damage to a protected computer, and violating the Travel Act. He faces up to 20 years in prison.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
