AT&T, the world’s largest telecommunications firm, lost over $200 million after a Pakistani scammer and his partners coordinated a seven-year scheme that led to the fraudulent unlocking of nearly 2 million phones.
Muhammad Fahd, 35, of Karachi, has been sentenced to 12 years in prison after he bribed several AT&T employees to do his bidding, including unlocking phones, giving him access to their credentials, and installing malware that gave him remote access to the mobile carrier’s servers, the Department of Justice (DOJ) said.
How it all started?
It all began in the summer of 2012 when Fahd recruited an AT&T employee via Facebook using the false name “Frank Zhang”. He bribed the employee and his co-workers with “significant sums of money” to remove the carrier’s protection that locked cellular phones to its network.
In April 2013, the scammer was forced to recruit a malware developer to manufacture malicious tools after AT&T launched a new unlocking system that restricted corrupt employees from continuing unlocking phones on his behalf.
“At Fahd’s request, the employees provided confidential information to Fahd about AT&T’s computer system and unlocking procedures to assist in this process. Fahd also had the employees install malware on AT&T’s computers that captured information about AT&T’s computer system and the network access credentials of other AT&T employees. Fahd provided the information to his malware developer, so the developer could tailor the malware to work on AT&T’s computers,” according to the sentencing documents.
Fahd and his co-conspirators also used multiple shell companies to cover up their illegal activity, including Swift Unlocks Inc, Endless Trading FZE (aka Endless Trading FZC), Endless Connections Inc, and iDevelopment Co, according to the indictment.
AT&T forensic analysis discovered that 1,900,033 cellular phones were unlocked unlawfully by the scammers behind this scheme, resulting in $201,497,430.94 of losses due to lost payments.
The company also sued former employees after unearthing they were bribed into illegally unlocking phones and seeding malware and malicious tools on its network. “We’re seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network,” AT&T said in a statement to a local media outlet.
“It’s important to note that this did not involve any improper access of customer information or any adverse effect on our customers.” In 2018 Fahd was arrested in Hong Kong and he was extradited to the US in 2019. He remained in jail until he was sentenced earlier this week to 12 years in prison after pleading to conspiracy to commit wire fraud in September 2020.
At the sentencing hearing, U.S. District Judge Robert S. Lasnik for the Western District of Washington noted that Fahd had executed a terrible cybercrime over a long period even after he was aware that law enforcement was investigating.