AT&T lost $200M in seven years to illegal phone unlocking scheme

A Pakistani fraudster was sentenced to 12 years in prison earlier this week after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven-year scheme that led to the fraudulent unlocking of almost 2 million phones.

Throughout this operation, Muhammad Fahd — the scheme leader — bribed multiple AT&T employees to do his bidding, including unlocking phones, giving him access to their credentials, and installing malware that gave him remote access to the mobile carrier's servers.

"Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call center located in Bothell, Washington, to unlock large numbers of cellular phones for profit," the Department of Justice (DOJ) said.

"Fahd recruited and bribed AT&T employees to use their AT&T credentials to unlock phones for ineligible customers.

"Later in the conspiracy, Fahd had the bribed employees install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan."

Bribes, malware, and rogue wireless access points

Between the summer of 2012 and April 2013, Fahd recruited AT&T employees as insiders by bribing them with hundreds of thousands of dollars to remove the carrier's protection that locked cellular phones to its network.

Starting with April 2013, the fraudster was forced to hire a malware developer to design malicious tools after AT&T introduced a new unlocking system that prevented corrupt employees from continuing unlocking phones on his behalf.

Once deployed on the company's network by bribed employees, the malware collected enough info to create additional malware, which the fraudsters used to remotely "process fraudulent and unauthorized unlock requests" from Pakistan.

From November 2014 to September 2017, Fahd and several conspirators also bribed AT&T employees to plant hardware devices (such as wireless access points) on the carrier's internal network.

After this breach, the conspirators gained the access they needed to AT&T's systems to automate the "process of submitting fraudulent and unauthorized unlock requests.

Throughout the scheme, Fahd and his co-conspirators used multiple shell companies to cover-up their illegal activity, including Swift Unlocks Inc, Endless Trading FZE (aka Endless Trading FZC), Endless Connections Inc, and iDevelopment Co according to the indictment.

Continued unlocking phones although aware of ongoing investigation

AT&T found that 1,900,033 cellular phones were illegally unlocked by conspirators behind this scheme, resulting in $201,497,430.94 of losses due to lost payments.

The company also sued former employees fired after discovering they were bribed into illegally unlocking phones and planting malware and malicious tools on its network.

"We're seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network," AT&T said in a statement to GeekWire at the time.

"It’s important to note that this did not involve any improper access of customer information, or any adverse effect on our customers."

Fahd was arrested in Hong Kong in February 2018 and he was extradited to the US in August 2019.

He remained in jail until he was sentenced earlier this week to 12 years in prison after pleading to conspiracy to commit wire fraud in September 2020.

"At the sentencing hearing U.S. District Judge Robert S. Lasnik for the Western District of Washington noted that Fahd had committed a 'terrible cybercrime over an extended period,' even after he was aware that law enforcement was investigating," the DOJ added.