From an Outsider to an Insider
AT&T discovered that from 2012 to 2018 that their own employees took bribes from an outsider and worked against the company.
To begin, news of the attack on AT&T began to make headlines when the Department of Justice released a statement regarding the issue. To summarize, the DOJ charged a Pakistani man for bribing AT&T employees with over one million dollars to unlock customer devices and install malware.
Further, as investigations began, more details emerged about the person responsible. Law enforcement placed Muhammad Fahd, a 34 year old man from Pakistan under arrest earlier this year in Hong Kong. Continuing, officials extradited Fahd this past weekend to the US to face his crimes.
Now, let’s take a look at how Fahd bribed AT&T employees and what they had to do to make their payday.
Starting at the beginning, Fahd and his partner, Ghulam Jiwani used Facebook messages and phone calls to find their insiders. (His partner is now presumed to be deceased.)
After connecting with employees, the bribe amount became established and the work began.
Following the start of the scheme, Fahd used his insider contacts for several tasks. One being recruiting more employees to work for him. Employees that recruited others received additional bribe money. Thus, raising the incentive to create a larger network of people for Fahd.
Next, employees executed several requests made by Fahd. One, unlock smartphones and two, install malware on devices and the AT&T network.
To further explain, the DOJ reported the following. Fahd had employees, “use their computer credentials and access to disable AT&T’s proprietary locking software that prevented ineligible phones from being removed from AT&T’s network”. This is how he was able to gain access to disabled phones.
Fahd’s plans ran from April 2012 to September 2017. During that run, several employees left the company or lost their job and could no longer be of service.
Over those 5 years, over one million dollars were used in the bribing arrangements. AT&T lost roughly four million dollars in revenue due to this scheme.
Alas, the perfect plan couldn’t last forever. Fahd’s arrest led him face charges of “conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act” (DOJ).
The other employees who stayed the entire time have also been charged for similar crimes, and the DOJ reports that they are pleading guilty to the charges.
Where does AT&T Stand?
To conclude, AT&T reports that they are working with law enforcement to get the situation cleaned up and taken care of.
In the process, they have uncovered other security issues that they are working to correct. Such efforts are to ensure that something like this never happens again.
By Taylor Ritchey
Are you a Capital One card holder? Check out our article on their recent hack that left 106 million customer’s information at risk.