An announcement by the US Department of Justice alleges that Muhammad Fahd, a 34 year old Pakistani, bribed employees of AT&T to plant malware and unlock mobile phones so they could be sold.
Fahd recruited and paid AT&T insiders to use their computer credentials and access to disable AT&T’s proprietary locking software that prevented ineligible phones from being removed from AT&T’s network. The scheme resulted in millions of phones being removed from AT&T service and/or payment plans, costing the company millions of dollars.
Corrupt AT&T staff received generous payments from Fahd, which were transferred to them by Western Union or paid in cash by an accomplice who traveled from Pakistan to the USA.
Fahd allegedly paid the insiders tens of thousands of dollars – paying one coconspirator $428,500 over the five-year scheme.
Fahd instructed the corrupt staff to use methods of communication that were difficult to trace and to form corporate entities to receive payment. They were even incentivized to expand the corruption like a pyramid scheme.
Some early recruits were paid to identify other employees who could be bribed and convinced to join the scheme.
AT&T eventually identified and stopped Fahd’s first fraudulent scheme, but this only prompted him to become more sophisticated.
Initially, Fahd allegedly would send the employees batches of international mobile equipment identity (IMEI) numbers for cell phones that were not eligible to be removed from AT&T’s network. The employees would then unlock the phones. After some of the co-conspirators were terminated by AT&T, the remaining co-conspirator employees aided Fahd in developing and installing additional tools that would allow Fahd to use the AT&T computers to unlock cell phones from a remote location.
According to the court indictment, Fahd’s accomplices also spread malware on AT&T’s corporate network.
…Fahd sent malware to the insiders… and instructed them to install the malware on AT&T’s computer network. The malware was designed to gather confidential and proprietary information regarding the structure and functioning of AT&T’s internal protected computers and applications.
Using information collected by the malware, Fahd… created additional malware designed to facilitate the transmission of commands… from a remote server to AT&T’s protected internal computer network and to submit unauthorized lock requests.
The Department of Justice press release can be found here.