AT&T Employees Took Bribes To Plant Malware On Company's Network

from the ill-communication dept

The DOJ this week announced that AT&T employees have been paid more than $1 million in bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network. According to the full DOJ complaint (pdf), Muhammad Fahd, a 34-year-old man from Pakistan and a (presumed dead) co-conspirator, Ghulam Jiwani, paid off AT&T employees at the company's Mobility Customer Care call center in Bothell, Washington. In return, from April 2012 until September 2017, the two men unlocked iPhones so they could be used on another carrier's network.

Worse, the bribed employees happily installed malware and keyloggers providing broad access to the AT&T network. That includes keyloggers intended to gather data on AT&T's internal systems and processes:

The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock phones at Fahd's behest, without needing to interact with AT&T employees every time. In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call center. These devices helped Fahd with gaining access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.

Carriers have had a bit of a problem with rogue employees being bribed. Similar tactics have been used by hackers engaged in "SIM hijacking," which involves posing as a wireless customer, then fooling a wireless carrier into porting the victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Both AT&T and T-Mobile have subsequently been sued after instances where SIM hijacking then led to identity and cryptocurrency theft, though both companies have been busy trying to dodge culpability for failing to keep consumer data secure.

The DOJ notes that one AT&T employee received more than $428,500 in bribes over a five-year period. The operators of the scam appear to have been focused on running an illegal phone unlocking ring via a number of bogus companies, including Endless Trading FZE, Endless Connections Inc., and iDevelopment. Fahd was arrested in Hong Kong in February 2018, and extradited to the US last week. AT&T, meanwhile, states that it lost upwards of $5 million in revenue annually as the result of the unlocking scheme. The DOJ does not detail the breadth and scope of the private data accessed via the malware planted by the duo.

Granted, while the DOJ and government regulators were quick to run to AT&T's assistance in this instance, they've been far more hesitant to police AT&T's own, direct role in failing to secure customers' private data. No action has been taken (nor criticism levied) against AT&T for failing to police SIM hijacking scams being run on its own customers, nor has any agency acted on revelations that AT&T and other mobile carriers spent years selling private customer location data to a universe of shady middlemen.

Filed Under: bribes, doj, ghulam jiwani, muhammad fahd, security
Companies: at&t


Reader Comments


  1. That Anonymous Coward, 9 Aug 2019 @ 3:53am

    Well they watched all the money the top brass were earning allowing the NSA to deploy malware & compromise the network, so why not get your own side hustle?

    Oh noes they unlocked phones!!!
    Seems a bit less of a problem than SIM swapping people to steal, or selling location data to anyone with the cash...

    But then the Government is here to protect our corporate overlords while pretending they protect us.


  2. bonjour madam, 9 Aug 2019 @ 5:01am

    I have already paid, why am I the product?

    See, that is the problem with this little rort from at and t.
    I have already paid for my connection and it's expensive, but they now make more money by compromising my life and person. DOJ should be all over this but no, think of the money instead.


  3. DannyB, 9 Aug 2019 @ 5:57am

    At least AT&T isn't planting malware for free

    It would be a crime if AT&T planted malware.

    But if they are making a profit for doing so, for another party, then it is commerce, and therefore it must be perfectly okay, right?

    AT&T's malware for bribes is an important topic to be disgust.


  4. Anonymous Coward, 9 Aug 2019 @ 9:26am

    Why the gratuitous final paragraph? It is irrelevant to the story.


  5. Anonymous Coward, 9 Aug 2019 @ 9:38am

    Where's Poochie?

    AT&T, ladies and gentlemen. The corporation that can do no wrong by out_of_the_blue's book - and no surprise why!


  6. ECA, 9 Aug 2019 @ 1:13pm

    WOW..

    How advanced of a system do you need?
    This is so funny.
    Anyone with a bit of programming can Inject into a system, and no sysop/admin notices? or the system never told anyone about it??

    And Apple phones don't have AV programs?? I thought we taught them about that Problem Long ago..


  7. Seasoned Seattle Tech worker, 9 Aug 2019 @ 5:58pm

    Meanwhile, Microsoft is obsessed with employees viewing porn

    This is very interesting that employees can do significant harm to AT&T and other carriers.
