A 34-year-old Pakistani man has been charged with paying AT&T employees more than $1 million to plant malicious software that make it possible to use iPhones outside AT&T’s controls, the U.S. Department of Justice said Tuesday.
Muhammad Fahd conspired with another man, Ghulam Jiwani, according to a newly unsealed indictment. The scheme, which lasted in some form from April 2012 to September 2017, involved the two men approaching AT&T employees, often through Facebook or by phone, then offering cash in exchange for the employees’ agreement to unlock specific phones, based on their identifying IMEI codes. The scheme unlocked more than 2 million cell phones over the five-year span, prosecutors say.
Unlocked devices are compatible with any cell carrier, depriving “the remaining value of the customer’s service contract and, if applicable, remaining payments under the customer’s installment plan,” according to the indictment.
Fahd, who also went by the name Frank Zhang, operated under a company called Endless Trading FZE. Prosecutors say he paid one employee $428,500 over the time period in question. He was arrested Feb. 4 in Hong Kong and extradited to the U.S. on Aug. 2.
An attorney for Fahd could not be located for comment.
Jiwani, who is now deceased, allegedly made illicit payments via Western Union, and by meeting in person with insiders during trips from Pakistan to the U.S., Dubai, and the United Arab Emirates.
As part of the scheme, Fahd and his insiders allegedly inserted malicious software onto AT&T’s network at a company call center in Bothell, Washington. The hacking tool was capable of collecting confidential and proprietary data about the structure and functioning of AT&T’s digital infrastructure.
“Once the malware was perfected, Muhammad Fahd instructed the insiders to plant the unlocking malware on AT&T’s internal protected computers and to run the unlocking malware while they were at work,” the indictment states. “The unlocking malware used valid AT&T network credentials that belonged to co-conspirators and others, without authorization, to interact with AT&T’s internal protected computer network and process automated unauthorized unlock requests submitted from an external server.”
AT&T discovered the scheme in October 2013 and approached employees it suspected were responsible. When they promptly left the company, Fahd allegedly recruited other insiders who were willing to accept bribes.
“The defendant thought he could safely run his bribery and hacking scheme from overseas, making millions of dollars while he induced young workers to choose greed over ethical conduct,” U.S. Attorney Brian Moran for the Western District of Washington said in a statement.
The indictment is available in full below.