On Monday, the U.S. Department of Justice (DOJ) indicted Pakistani man Muhammad Fahd for subverting AT&T’s network as part of a criminal conspiracy. The DOJ accuses Fahd of hacking the carrier’s network to unlock more than 2 million handsets illegally. Moreover, the agency alleges the 34-year-old paid AT&T workers hundreds of thousands of dollars to facilitate his operation.
The DOJ initially filed charges against Fahd in 2017 but didn’t place him under arrest until 2018. The U.S. Secret Service Electronic Crimes Task Force took custody of the suspect after extraditing him from Hong Kong on August 2. The foreign national faces up to 20 years in prison if convicted on all 14 federal charges.
How the Scam Worked
According to the DOJ, Fahd maintained an elaborate criminal operation that involved compromising the AT&T network from 2012 to 2017. To facilitate his crimes, the suspect allegedly bribed some of the carrier’s call center workers to unlock specific international mobile equipment identity (IMEI) numbers. Consequently, the owner of the handset connected to the unlocked IMEI could take their phone to another provider.
AT&T unlocks its customers’ phones, but only after they fulfill the financial terms of their contracts. Fahd allegedly subverted that process by fraudulently unlocking handset owners’ devices early for a fee. As such, the DOJ argues he deprived the telecommunications company of millions of dollars.
The DOJ’s filing indicates Fahd’s operation was incredibly lucrative. The suspect allegedly paid his co-conspirators quite well to betray the company. Indeed, the agency accuses the Pakistani citizen of paying one AT&T staffer $428,500 over five years to commit fraud.
Furthermore, the organization accuses Fahd of establishing a rather baroque criminal operation. To evade detection, the suspect allegedly created a series of front companies to facilitate contact between himself and his co-conspirators. After joining his criminal enterprise, he instructed the AT&T staffers to set up their own dummy corporations to receive payments.
Fraud Becomes Cyber-Attack
Like an ambitious Silicon Valley founder, Fahd allegedly came up with a software solution to optimize an analog business model. In addition to tasking his co-conspirators with manually unlocking AT&T IMEIs, the suspect is accused of using malware to automate the process.
The DOJ states Fahd paid his subordinates to install malicious software onto the wireless carrier’s computer network. The agency said the programs scanned AT&T systems and provided the suspect with information on how its proprietary systems functioned. With that data, Fahd allegedly created additional malware to allow an operator to submit IMEI requests remotely.
Also, the agency states the suspect had his cohorts install unauthorized computer hardware in AT&T facilities. Once operational, the components allegedly allowed Fahd to unlock corporate-owned handsets automatically. The telecommunications corporation told Ars Technica the conspirators never gained access to customer data.
Accordingly, the DOJ indicted Fahd on charges of committing fraud, compromising a computer to commit fraud, and multiple Travel Act violations.
The Electronic Crimes Task Force already arrested three of Fahd’s alleged co-conspirators who worked at a Bothell, Washington call center. The trio pled guilty to their crimes and are now awaiting sentencing on November 1.