2 min read

AT&T workers bribed to install malware on company network and unlock iPhones


August 07, 2019

Promo Protect all your devices, without slowing them down.
Free 30-day trial
AT&T workers bribed to install malware on company network and unlock iPhones

I can appreciate that iPhone users may want to unlock their devices to use them with a different carrier. What is perhaps less easy to sympathise with is the thought that it’s acceptable to hack the network of major telecoms company in order to do it.

The US government has extradited 34-year-old Muhammad Fahd from Hong Kong, and charged him for his part in a criminal scheme that is said to have cost AT&T millions of dollars.

Fahd, a citizen of Pakistan, is alleged to have paid sometimes huge sums of money to AT&T workers to unlock cellphones that were not eligible to be removed from AT&T’s network.

As ZDNet reports, after his insider contacts who were able to unlock iPhones lost their jobs within AT&T, Fahd is alleged to have bribed other workers into installing malware and rogue wireless hotspots within AT&T that allowed criminals to submit fraudulent and unuathorised lock requests directly.

Over the course of the conspiracy, which is said to have lasted over five years until September 2017, Fahd and his co-conspirators are claimed to have paid more than US $1,000,000 in bribes to AT&T insiders.

According to investigators, impressionable AT&T staff were recruited via Facebook and telephone, with one employee was bribed to the tune of US $428,500 over the five year period.

Over the course of the conspiracy, some two million cellphones – many of them expensive iPhones – were fraudulently unlocked.

According to prosecutors, AT&T lost more than US $9.5 million from the conspiracy.

“This arrest illustrates what can be achieved when the victim of a cyber attack partners quickly and closely with law enforcement,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department”s Criminal Division. “When companies that fall prey to malware work with the Department of Justice, no cybercriminal—no matter how sophisticated their scheme—is beyond our reach.”

All companies need to be aware of the dangers that there could be rogue employees in their midst, and even if they do not possess the technical skills to hack the business they may be susceptible to being bribed by those who do.

Three former AT&T employees have pleaded guilty to taking part in the scheme and are, according to court documents, cooperating with the government’s investigation.

In an official statement, AT&T reassured customers that their personal information had not been accessed by the criminal activity, and confirmed it had been co-operating with the authorities:

“We have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments.”

Fahd could face up to 20 years behind bars if he is convicted. A co-conspirator, Ghulam Jiwani, has since deceased.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like