AT&T Lost $200M in Past Seven Years to Illegal Phone Unlocking Scheme

A Pakistani threat actor was sentenced to 12 years in prison earlier this week after AT&T, the world’s most comprehensive telecommunications company, lost more than $200 million when he and his collaborator coordinated a seven-year scheme that led to the unlocking of almost 2 million phones.

Throughout this operation, Muhammad Fahd, the scheme leader, bribed multiple AT&T employees to do his bidding, including unlocking phones, giving him access to their passwords, and installing the Trojan that gave him remote access to the mobile carrier’s server.

“Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call center located in Bothell, Washington, to unlock large numbers of cellular phones for profit,” the Department of Justice (DoJ) said.

“Fahd recruited and corrupted AT&T employees to utilize their AT&T passwords to unlock the phones for unsuitable customers. Later in the conspiracy, Fahd had the corrupted employees install custom malware and hacking tools that permitted him to unlock phones remotely from Pakistan.”

Malware, Bribes, and Rogue Wireless Access Points

Between the summer of 2012 and April 2013, Fahd recruited AT&T employees as insiders by bribing them with hundreds of thousands of dollars to remove the carrier’s protection that locked cellular phones to its network.

Starting in April 2013, the threat actors were forced to hire a Trojan developer to create malicious tools after AT&T introduced an advanced unlocking system that prevented the corrupt employees from continuing to unlock phones on Fahd’s behalf.


Once installed on the company’s network by the bribed employees, the Trojan gathered enough information to create an additional Trojan, which the threat actor used to remotely “process dishonest and unauthenticated unlock requests” from Pakistan.

From November 2014 to September 2017, Fahd and several conspirators also bribed AT&T employees to plant hardware devices (such as wireless access points) on the carrier’s internal network. After this breach, the conspirators gained the access they needed to AT&T’s systems to automate the “process of submitting fraudulent and unauthorized unlock requests.”

Throughout the scheme, Fahd and his co-conspirators used multiple shell companies to cover up their illegal activity, including Swift Unlocks Inc, Endless Trading FZE (aka Endless Trading FZC), Endless Connections Inc, and iDevelopment Co, according to the indictment.

Continued Unlocking Phones Despite Being Aware of the Investigation

AT&T found that 1,900,033 cellular phones were illegally unlocked by the conspirators behind this scheme, resulting in $201,497,430.94 of losses due to lost payments. The company also sued former employees, who were fired after it discovered they had been bribed into illegally unlocking phones and planting malware and malicious tools on its network.

“We’re seeking damages and injunctive relief from several people who joined in a scheme a couple of years ago to illegally unlock wireless telephones used on our network,” AT&T said in a statement to GeekWire at the time.

“It’s essential to note that this did not involve any improper access of customer information, or any adverse effect on our customers.”

Fahd was arrested in Hong Kong in February 2018 and extradited to the US in August 2019. He remained in jail until he was sentenced earlier this week to 12 years in prison, after pleading guilty to conspiracy to commit wire fraud in September 2020.

“At the sentencing hearing, U.S. District Judge Robert S. Lasnik for the Western District of Washington wrote that Fahd had committed a ‘terrible cybercrime over an extended period,’ even after he was aware that law enforcement was investigating,” the DOJ added.
