AT&T employees took bribes to put malware on network


The US Department of Justice has revealed that AT&T employees took bribes to unlock millions of smartphones and to install malware and unauthorized hardware on its network.

The news comes from a DOJ case opened against 34-year-old Muhammad Fahd from Pakistan and his co-conspirator Ghulam Jiwani, who is believed to be deceased. The two were charged with paying over $1m in bribes to several AT&T employees at the telecom's Mobility Customer Care call center in Bothell, Washington.

The bribery scheme ran for several years, from at least April of 2012 until September 2017. It started when the two Pakistani men bribed AT&T employees to unlock iPhones so that they could be used on other networks.

Fahd and Jiwani recruited the company's employees over the phone or through Facebook messages. Once the employees agreed, they received lists of IMEI phone codes which they had to unlock to receive payment, either as cash or as deposits in their bank accounts.

The first stage of the scheme lasted for about a year until several employees left or were fired by the company.

Malware stage

Fahd and Jiwani then changed their tactics by having AT&T employees install malware on the company's network at its Bothell call center. Between April and October of 2013, this initial malware collected data on how the company's infrastructure worked.

Court documents, which were recently unsealed, revealed that this malware was a keylogger with the ability "to gather confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications".

According to the DOJ, the pair then created a second piece of malware that used information acquired by the first. This new malware used AT&T employee credentials to perform automated actions on the company's internal application, unlocking phones whenever Fahd wanted without any further help from its employees.

Once Fahd began to have problems controlling this malware, he bribed AT&T employees to install rogue wireless access points inside its Bothell call center. These devices helped him gain access to the company's internal apps and network so that he could continue his phone unlocking scheme.

The DOJ claims that Fahd and Jiwani paid over $1m in bribes to the company's employees and were able to successfully unlock more than 2m devices. Fahd was arrested in Hong Kong in February of 2018 and then extradited to the US this August. He now faces a number of charges and, if found guilty, could spend up to 20 years behind bars.

Via ZDNet

Anthony Spadafora
