[TheRecord] Man who bribed AT&T employees to install malware on the company’s network gets 12 years in prison

A Pakistani man who bribed AT&T employees to install malware on the company’s internal network has been sentenced today to 12 years in prison after he illegally unlocked more than 1.9 million phones, causing the US telco losses in excess of $201 million.

Muhammad Fahd, 35, a citizen of Pakistan and Grenada, paid more than $1 million in bribes to AT&T employees in the mid-2010s, according to court documents.

Working with a now-deceased co-conspirator, Fahd began his scheme in the summer of 2012 when he approached AT&T employees working in the company’s call center in Bothell, Washington.

Using Facebook as a means to communicate, Fahd promised large payments of money if call center employees agreed to unlock phones so they could be sold and used outside AT&T’s network.

To receive their bribes, Fahd told AT&T employees “to create shell companies and open business banking accounts in the names of the shell companies,” per the court docs.

Fahd recuperated the bribes by selling phone unlocking services through the now-defunct SwiftUnlocks.com website [archived].

But the scheme lasted only for a few months, until April 2013, when AT&T implemented a new phone unlocking procedure and call center employees Fahd had bribed either left or were fired by AT&T.

At this point, seeking to go around AT&T’s new systems, the US Department of Justice said Fahd hired a developer to write a piece of malware.

Fahd then bribed another employee to install the malware inside AT&T’s Bothell call center.

An initial version of the malware worked as a basic keylogger, collecting information from inside the network, including network layout and employee credentials.

A second version was more sophisticated and deployed at a later stage, acting as a remote access tool and allowing Fahd easy access to AT&T’s internal applications.

The mobile operator caught that something was wrong when engineers detected a large number of phone unlock operations from its Bothell call center.

A 2015 internal investigation ended up with AT&T firing and suing former employees on accusations of installing malware on its network, with the company unearthing the connection between the fired employees and the SwiftUnlocks website.

AT&T’s forensic analysis shows the total number of cellular telephones fraudulently unlocked by members of the scheme was 1,900,033 phones. AT&T has further determined that the loss it suffered because customers, whose cellular phones were illegally unlocked, failed to complete payments for their cellular telephones was $201,497,430.94.

US Department of Justice

AT&T also filed a separate complaint with the FBI, which conducted its own parallel investigation, and eventually tracking the entire scheme to Fahd and his co-conspirator, Ghulam Jiwani.

US officials filed charges against the two in 2017. Fahd was arrested in Hong Kong in 2018 and extradited to the US in August 2019. He pleaded guilty in September 2020.

The post Man who bribed AT&T employees to install malware on the company’s network gets 12 years in prison appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2021-01-16

BugTraq Shutdown www.securityfocus.com/archive/1/542247 At this time, resources for the BugTraq mailing list have not been prioritized, and this will be the last message to the list. The archive will be shut down January 31st, 2021. Also: www.zdnet.com/article/iconic-bugtraq-security-mailing-list-shuts-down-after-27-years/ Massive stolen credit card shop Joker’s Stash shuts down www.bleepingcomputer.com/news/security/massive-stolen-credit-card-shop-jokers-stash-shuts-down/ The administrator of Joker’s Stash, one of the […]

Read More

[BleepingComputer] Three UK telco bug has customers receiving and making random calls

Customers of the Three UK telco company are panicking as they receive a series of random phone calls due to an ongoing issue. Likewise, outbound calls from customers are being routed to random strangers. […] Source: Read More (BleepingComputer)

Read More

[ZDNet] These sneaky hackers hid inside their victims’ networks for nine months

All posts, ZDNet

Unpatched vulnerabilities in Microsoft Exchange Server could be providing a sustained cyber espionage operation with a way into networks. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.