AT&T employees were bribed over $1 million for assisting hackers to illegally unlock cellphones, says DOJ

Yesterday the United States’ Department of Justice (DOJ) stated that Muhammad Fahd, a 34-year-old citizen of Pakistan had bribed the employees from AT&T’s Seattle-area offices and call centers by paying more than $1 million. Fahd bribed those employees in order to install malware on AT&T’s network so that he could unlock millions of smartphones. Fahd was supported by Ghulam Jiwani in this conspiracy, who is believed to be deceased.

They tried to get illegal access to 2 million of the company’s phones from 2012 and 2017. Last year in February, on United States’ request, Muhammad Fahd got arrested in Hong Kong in the same month and was extradited to the United States last week. Fahd has a serious criminal history which includes intentional damage to a protected computer, wire fraud, and conspiracy to violate the Computer Fraud and Abuse Act, violate the Travel Act.

AT&T uses proprietary locking software on its phone in order to prevent its phone from getting used on any other wireless network except for the AT&T network until the phones were unlocked. On unlocking the phones, the proprietary locking software would get disabled and which would let the phone work on multiple carrier systems.

According to the Wireless Customer Agreement between AT&T and its customers, the company would unlock the customers' phone once the customers have fulfilled their terms of service contract or installment plan.

These unlocked phones could be resold and be used by any other network. When the customers’ phone got fraudulently switched to another network, AT&T got deprived of some of the customers’ remaining payments that were under a customer’s installment plan and terms of service contract.

As a result, millions of phones got removed from AT&T service and payment plans which costs the company millions of dollars. Fahd had paid tens of thousands of dollars to the AT&T insiders and to one of the co-conspirators he paid $428,500 over the five-year scheme.

The conspiracy started in 2012 and is still under investigation

Last year in March, the second superseding indictment was filed that stated how Fahd bribed AT&T employees and used their computer credentials and disabled AT&T’s proprietary locking software.

As per the indictment, between April 2012 to April 2013, they gave instructions to AT&T’s insiders with the help of wires in interstate and foreign commerce. Fahd had also sent the list of cellular IMEI numbers for the phones to the insiders. Between April 2013 to October 2013 the AT&T insiders were bribed to plant malware on the computer systems to get information about the company’s computer network and software applications. This information was then used for creating another malware that interacted with the company’s internal protected computer systems for processing the fraudulent unlock requests.

Between November 2014 to September 2017, they again bribed the AT&T insiders for getting access to AT&T’s physical workspace for installing unauthorized hardware devices such as wireless access points to get unauthorized access to the company’s computers.

Fahd used to contact these insiders through telephone, Facebook, anonymous email accounts and other channels. They were instructed to open shell companies and business accounts on the names of these shell companies for receiving payments. The insiders even helped Fahd and Jiwani for developing and installing tools that would help them in unlocking the phones even from a remote location. Till now, three of those co conspirators have pleaded guilty and have admitted that they were paid thousands of dollars for serving Fahd’s fraudulent scheme.

Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, said, “This arrest illustrates what can be achieved when the victim of a cyber attack partners quickly and closely with law enforcement.”

Benczkowski further added, “When companies that fall prey to malware work with the Department of Justice, no cybercriminal—no matter how sophisticated their scheme—is beyond our reach.”

U.S. Attorney Brian T. Moran for the Western District of Washington said, “This defendant thought he could safely run his bribery and hacking scheme from overseas, making millions of dollars while he induced young workers to choose greed over ethical conduct.”

Attorney Brian T. Moran added, “Now he will be held accountable for the fraud and the lives he has derailed.”

Currently, the U.S. Secret Service Electronic Crimes Task Force is investigating this case.

Community demands for strict security measures as employees were involved too

According to a few users, the companies need to take strict security measures and shouldn’t ignore any security threat to them and implement encryption for user data.

A user commented on HackerNews, “Companies need to assume that their network is compromised. Ignoring anything else that means they need to adopt E2E encryption for all user data (except where legally mandated to be insecure, or when the data has a fundamental need to be accessible - e.g. your bank needs to know how much money you have). Anything else, including dumbass politicians demanding magic crypto, makes your user data a valuable and achievable target.”

Few others are shocked about the fact that AT&T employees were involved in this.

https://twitter.com/harrymccracken/status/1158745600399159297

https://twitter.com/rstephens/status/1158759723870482437

https://twitter.com/BobbyChesney/status/1158746997790257155

To know more about this news, check out the official page.

Google, Amazon, AT&T met the U.S Senate Committee to discuss consumer data privacy, yesterday

Winnti Malware: Chinese hacker group attacks major German corporations for years, German public media investigation reveals

25 million Android devices infected with ‘Agent Smith’, a new mobile malware