AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Threat Post - 

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier’s U.S. network — all the way from Pakistan.

The ringleader of a seven-year phone-unlocking and malware scheme will head to the clink for 12 years, according to the Department of Justice, after effectively compromising AT&T’s internal networks to install credential-thieving malware.

The perp, one Muhammad Fahd of Pakistan and Grenada, was convicted of grooming AT&T employees at a Bothell, Wash. call center to take part in the scam. He and his now-deceased co-conspirator bribed employees to first use their AT&T credentials to sever phones from the AT&T network for customers who were still under contract — meaning those customers could take their newly independent phones to another service. And then later, Fahd asked his accomplices in the call center to install custom malware and “hacking tools that allowed him to unlock phones remotely from Pakistan,” according to court documents.

In all, the 35-year-old Fahd effectively defrauded AT&T out of more than $200 million in lost subscription fees after divorcing nearly 2 million mobile phones from the carrier, the DoJ explained.

Read More: