AT&T Loses $200 Million to Phone Unlocking Malware
Table of Contents
- By Dawna M. Roberts
- Published: Sep 28, 2021
- Last Updated: Mar 18, 2022
A Pakistani hacker was able to install malware with the help of bribed workers and unlock and steal millions of mobile phones from the AT&T U.S. network.
What Happened?
According to Department of Justice (DOJ) records, Muhammad Fahd of Pakistan spent seven years grooming AT&T employees at a Bothell, Washington call center for AT&T to complete his ruse. He convinced the workers to disconnect mobile phones on the AT&T network. He and his now-deceased partner bribed the AT&T employees for their compliance. The workers used their own credentials to log into the system and perform actions to further his criminal activity.
During the 7-year scam, Fahd bilked AT&T out of more than $200 million in lost subscription fees. In addition, the DOJ explained that the 35-year-old cyber thief disconnected more than 2 million phones from the network.
Court documents also showed Fahd enticed AT&T call center employees to install his own malware and “hacking tools that allowed him to unlock phones remotely from Pakistan.”
How Did it Work?
The scam began in 2012 when Fahd targeted an AT&T employee on Facebook using the fake alias “Frank Zhang.” According to Threatpost,
“He offered the employee “significant sums of money” in return for taking part in his scheme, and asked the person to recruit other AT&T employees to the ring as well.”
The scam worked by disconnecting phones that were still under contract, and the owners were then able to take them to another service. DOJ court documents said,
“Unlocking a phone effectively removes it from AT&T’s network, thereby allowing the account holder to avoid having to pay AT&T for service or to make any payments for the purchase of the phone.”
Additionally, Fahd instructed his accomplices to launder the bribe money “Fahd instructed the recruited employees to set up fake businesses and bank accounts for those businesses, to receive payments and to create fictitious invoices for every deposit made into the fake businesses’ bank accounts to create the appearance that the money was payment for genuine services.”
When AT&T developed new unlocking software in 2013, Fahd hired a developer to create custom malware to do the job for him. “At Fahd’s request, the employees provided confidential information to Fahd about AT&T’s computer system and unlocking procedures to assist in this process. Fahd also had the employees install malware on AT&T’s computers that captured information about AT&T’s computer system and the network access credentials of other AT&T employees. Fahd provided the information to his malware developer, so the developer could tailor the malware to work on AT&T’s computers.”
How Did AT&T Respond?
In 2015, AT&T brought a lawsuit against the call center workers when a fake company called SwiftUnlocks exposed the ruse after they advertised the service of unlocking phones online. The malware was discovered in 2013, and AT&T fired the employees and then sued them personally.
Eventually, the entire operation was traced back to Fahd, who now faces a 12-year sentence in federal prison. Threatpost adds,
“Fahd was indicted in 2017 and arrested in Hong Kong in 2018. He was extradited and appeared in U.S. District Court in Seattle in August 2019. He pleaded guilty to conspiracy to commit wire fraud last September.”
Insider fraud and data breaches continue to be a serious concern for large companies like AT&T. Some employees knowingly engage in malicious activities against their employer, but some are unwitting and do not realize they are being tricked into fraud.
Threatpost summarizes that “AT&T has had its share of trouble, including facing a $224 million legal challenge after store employees were caught in a SIM-swapping ring.”
