AT&T says it lost $5 million a year from illegal unlocking scheme

Pakistan citizen Muhammad Fahd was charged on Monday on a 14-count federal indictment, including conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act.

The Department of Justice advised Fahd was arrested on February 4, 2018 in Hong Kong at the request of the United States, but was only extradited on August 2, 2019. The case itself was investigated by the US Secret Service Electronic Crimes Task Force.

The charges stem from a scheme where Fahd and co-conspirators recruited AT&T employees with access to customer accounts, with the aim of unlocking iPhones and other smartphones between 2012 and 2017. AT&T used proprietary locking software, preventing the hardware from being used on another carrier while it was still under contract to the company, something which Fahd sought to disable on devices.

Over the period, Fahd gathered a group of employees within AT&T that had access to systems for unlocking devices. Under the scheme, Fahd would send IMEI numbers to the compromised employees for devices that were not eligible for unlocking through normal channels, such as iPhones that are too new and need to be paid off through fees to the carrier beforehand.

It is claimed Fahd paid thousands of dollars in bribes to employees, with one receiving $428,500 over the course of the five-year scheme. Some early employees were also paid to discover others within AT&T who would be susceptible to a bribe and could join the scheme.

After some of the employees in the scheme were fired by AT&T, the tactics of the group changed to the development of malware to gain direct access to AT&T's systems. Using this access, Fahd was able to make requests for cellphone unlocks remotely.

It is believed Fahd has paid out in excess of $1 million over the five years to his recruits, but the cost to AT&T was far higher. More than 2 million devices were unlocked fraudulently through AT&T, with conservative estimates of losses to the carrier running to roughly $5 million per year of the five years, or $25 million in total.

"This defendant thought he could safely run his bribery and hacking scheme from overseas, making millions of dollars while he induced young workers to choose greed over ethical conduct," said U.S. Attorney Brian T. Moran. "Now he will be held accountable for the fraud and the lives he has derailed."

The charges are punishable by up to 20 years in prison if Fahd is found guilty.