Pakistan man accused of bribing AT&T employees to unlock millions of phones by installing malware on the company’s network; faces 20 years in prison

A 34-year old Pakistani man, Muhammad Fahd, has been accused of paying AT&T employees over a million dollars over the course of five years to unlock 2 millions of phones by installing malware on the company’s network. If found guilty, Fahd faces up to 20 years in prison for multiple charges, including several counts of of committing wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act.

The Department of Justice (DOJ) said yesterday that the U.S. has extradited a Pakistani man from Hong Kong and accused him of bribing AT&T employees to unlock more than 2 million cellphones. Fahd was arrested in Hong Kong on February 4, 2018, at the request of the United States, and was extradited to the U.S. on Friday August 2, 2019. Three former AT&T employees have pleaded guilty to taking part in the scheme and are cooperating with the government, according to court documents.

According to the indictment, between 2012 and 2017, FAHD recruited various AT&T employees to the conspiracy. Some early recruits were paid to identify other employees who could be bribed and convinced to join the scheme. So far, three of those coconspirators have pleaded guilty admitting they were paid thousands of dollars for facilitating FAHD’s fraudulent scheme.

At first, FAHD allegedly would send the employees batches of international mobile equipment identity (IMEI) numbers for cell phones that were not eligible to be removed from AT&T’s network. The employees would then unlock the phones. After some of the co-conspirators were terminated by AT&T, the remaining co-conspirator employees aided FAHD in developing and installing additional tools that would allow FAHD to use the AT&T computers to unlock cell phones from a remote location. FAHD and a second co-conspirator, who is now deceased, allegedly delivered bribes to the AT&T employees both in person and via payment systems such as Western Union.

According to court document, the malware appears to be a keylogger, having the ability “to gather confidential and proprietary information regarding the structure and functioning of AT&T’s internal protected computers and applications. Fahd’s alleged scheme started no later than April 2012, according to the indictment, and lasted about five years.

“This defendant thought he could safely run his bribery and hacking scheme from overseas, making millions of dollars while he induced young workers to choose greed over ethical conduct,” Brian Moran, the U.S. attorney for the Western District of Washington, said in a statement. “Now he will be held accountable for the fraud and the lives he has derailed.”

The case is currently being investigated by the U.S. Secret Service Electronic Crimes Task Force.

“This arrest illustrates what can be achieved when the victim of a cyber attack partners quickly and closely with law enforcement,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division. “When companies that fall prey to malware work with the Department of Justice, no cybercriminal—no matter how sophisticated their scheme—is beyond our reach.”