AT&T Employees Took Bribes To Plant Malware On Company's Network

from the ill-communication dept

The DOJ this week announced that AT&T employees have been paid more than $1 million in bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network. According to the full DOJ complaint (pdf), Muhammad Fahd, a 34-year-old man from Pakistan and a (presumed dead) co-conspirator, Ghulam Jiwani, paid off AT&T employees at the company's Mobility Customer Care call center in Bothell, Washington. In return, from April 2012 until September 2017, the two men unlocked iPhones so they could be used on another carrier's network.

Worse, the bribed employees happily installed malware and keyloggers providing broad access to the AT&T network. That includes keyloggers intended to gather data on AT&T's internal systems and processes:

The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock phone's at Fahd's behest, without needing to interact with AT&T employees every time. In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call center. These devices helped Fahd with gaining access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.

Carriers have had a bit of a problem with rogue employees being bribed. Similar tactics have been used by hackers engaged in "SIM hijacking," which involves posing as a wireless customer, then fooling a wireless carrier to port the victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Both AT&T and T-Mobile have subsequently been sued after instances where SIM hijacking then lead to identity and cryptocurrency theft, though both companies have been busy trying to dodge culpability for failing to keep consumer data secure.

The DOJ notes that one AT&T employee received more than $428,500 in bribes over a five year period. And the operators of the scam appear to have been focused on running an illegal phone unlocking ring via a number of bogus companies including Endless Trading FZE, Endless Connections Inc., and iDevelopment. Fahd was arrested in Hong Kong in February 2018, and extradited to the US last week. AT&T, meanwhile, states that it lost upwards of $5 million in revenue annually as the result of the unlocking scheme. The DOJ does not detail the width and scope of the private data accessed via the malware planted by the duo.

Granted while the DOJ and government regulators were quick to run to AT&T's assistance in this instance, they've been far more hesitant to police AT&T's own, direct role in failing to secure customers' private data. No action has been taken (nor criticism levied) against AT&T for failing to police both SIM hijacking scams being run on its own customers, nor has any agency taken action against revelations that AT&T and other mobile carriers spent years selling private customer location data to a universe of shady middlemen.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bribes, doj, ghulam jiwani, muhammad fahd, security
Companies: at&t