District Court in Seattle in August 2019. Lasnik for the Western District of Washington noted that Fahd had committed a “terrible cybercrime over an extended period.”
Fahd was indicted in 2017 and arrested in Hong Kong in 2018. Eventually, the entire operation was traced back to Fahd and
At the sentencing hearing U.S. When someone requested an unlock, Swift Unlocks would oblige, obtaining the unlock codes using the malware-enabled remote access to AT&T’s systems.
AT&T employees were paid $2,000 every two weeks for facilitating the effort, according to the lawsuit, with two of the top participants “earning” $10,500 and $20,000 respectively. AT&T discovered the malware around October 2013, firing the employees involved.
The “customer-facing” aspect was run through a shady, now-defunct company called Swift Unlocks, which advertised phone-unlocking services for consumers. Accordingly, Fahd was ordered to pay that back as restitution, along with his prison sentence.
A 2015 lawsuit by AT&T against the implicated call-center workers elaborated a bit on the gambit. AT&T’s forensic analysis showed that in all, 1.9 million phones were unlocked, costing AT&T $200 million in potential cellular telephone subscriptions. Of course, this kind of access could have been used for different kinds of cyberattacks, such as ransomware or wide-scale espionage efforts, but Fahd’s only goal seemed to be the mobile phone heist. Fahd provided the information to his malware developer, so the developer could tailor the malware to work on AT&T’s computers.”
“Fahd also had the employees install malware on AT&T’s computers that captured information about AT&T’s computer system and the network access credentials of other AT&T employees. “At Fahd’s request, the employees provided confidential information to Fahd about AT&T’s computer system and unlocking procedures to assist in this process,” according to the sentencing documents.
Undeterred, Fahd hired a software developer to design malware that would allow him to “unlock phones more efficiently and in larger numbers.” The malware was installed in stealth on AT&T’s own networks, thanks again to the malicious insiders he had recruited. after AT&T implemented a new unlocking system.
He also gave instructions on how to launder the bribery money: “Fahd instructed the recruited employees to set up fake businesses and bank accounts for those businesses, to receive payments and to create fictitious invoices for every deposit made into the fake businesses’ bank accounts to create the appearance that the money was payment for genuine services,” according to the DoJ.
About a year later, in the spring of 2013, things got a little tougher for Fahd & Co. It all started in the summer of 2012, when Fahd targeted an AT&T employee through Facebook using the alias “Frank Zhang.” He offered the employee “significant sums of money” in return for taking part in his scheme, and asked the person to recruit other AT&T employees to the ring as well. “Unlocking a phone effectively removes it from AT&T’s network, thereby allowing the account holder to avoid having to pay AT&T for service or to make any payments for purchase of the phone,” it said. In all, the 35-year-old Fahd effectively defrauded AT&T out of more than $200 million in lost subscription fees after divorcing nearly 2 million mobile phones from the carrier, the DoJ explained. And then later, Fahd asked his accomplices in the call center to install custom malware and “hacking tools that allowed him to unlock phones remotely from Pakistan,” according to court documents. He and his now-deceased co-conspirator bribed employees to first use their AT&T credentials to sever phones from the AT&T network for customers who were still under contract, meaning those customers could take their newly independent phones to another service.
The perp, one Muhammad Fahd of Pakistan and Grenada, was convicted of grooming AT&T employees at a Bothell, Wash. The ringleader of a seven-year phone-unlocking and malware scheme will head to the clink for 12 years, according to the Department of Justice, after effectively compromising AT&T’s internal networks to install credential-thieving malware.