Hacker bribed AT&T workers to illegally unlock cell phones, DoJ alleges

A 34-year-old man is being charged for allegedly paying insiders at AT&T to plant malware and otherwise misuse computer networks to unlock cell phones, according to the U.S. Department of Justice.

The DoJ said the man, identified as Muhammad Fahd of Pakistan, was arrested in Hong Kong on February 4, 2018, and extradited to the United States last Friday.  

Court documents describe how Fahd several years ago recruited and paid AT&T insiders to use their computer credentials and access to disable AT&T’s proprietary locking software that prevented ineligible phones from being removed from AT&T’s network. According to the DoJ, the scheme resulted in millions of phones being removed from AT&T service and/or payment plans, costing the company millions of dollars.

The scheme had Fahd contacting insiders at AT&T via telephone, Facebook and other channels offering to pay them to unlock cell phones. Fahd instructed the insiders to create shell companies and open business banking accounts in the names of the shell companies to receive payments for their work, according to court documents. A co-conspirator also was named but has since died.

Initially, Fahd allegedly would send the employees batches of international mobile equipment identity (IMEI) numbers for cell phones that were not eligible to be removed from AT&T’s network. The employees would then unlock the phones. After some of the co-conspirators were fired by AT&T, the remaining co-conspirator employees aided Fahd in developing and installing additional tools that would allow Fahd to use the AT&T computers to unlock cell phones from a remote location.  

Some early AT&T recruits were paid to identify other employees who could be bribed and persuaded to join the scheme. The DoJ said that so far, three of those co-conspirators have pleaded guilty, admitting they were paid thousands of dollars for facilitating Fahd’s scheme. One person allegedly was paid $428,500 over a five-year span.

RELATED: Verizon implements 60-day locking policy on new phones

Around October 2013, AT&T discovered the malware and identified several insiders who were operating the unlocking malware at Fahd’s direction; those insiders subsequently left AT&T after being approached by AT&T investigators.

Fahd has been charged with conspiracy to commit wire fraud and other crimes that could put him behind bars for up to 20 years. If convicted, the ultimate sentence will be determined by the court based on advisory sentencing guidelines and other statutory factors.

An AT&T spokesman provided the following statement to Fierce Wireless: “We have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments.”

The spokesman added that the scheme to illegally unlock wireless phones occurred several years ago and it did not involve any improper access or compromise of customer information, “or affect our customers.”

The court documents noted that the unlocked phones were a valuable commodity because they could be resold and used on any other compatible network around the world. If an AT&T’s customer’s phone was unlocked with or without authorization, that customer could switch to another carrier and if that happened, AT&T would be deprived of the remaining value of the customer’s service contract and if applicable, remaining payments under the customer’s installment plan.