AT&T employees took over $1 million in bribes to plant malware and unlock millions of smartphones: DOJ

by
Xeni Jardin
from on (#4MRAH)
Story Image

This is quite the 'insider threat' case.

The Department of Justice is charging a Pakistani man with bribing AT&T employees more than $1 million dollars to install malware on the company's network, and to install illegal hardware inside AT&T, in a scheme that unlocked more than 2 million mobile devices on the AT&T network.

Perhaps yours.

Read more about the case in the DOJ's announcement here.

Leader of conspiracy to illegally unlock cell phones for profit extradited from Hong Kong -- Allegedly bribed workers at AT&T's Bothell, WA Customer Service Center to plant malware and illegally unlock cell phones https://t.co/UX0v0twWRf

- WDWAnews (@WDWAnews) August 5, 2019

Fast Company tech editor Harry McCracken nails it: "If AT&T employees were willing to do this for bribes, it makes you wonder what else they might have done."

DOJ says AT&T employees took the bribes from Muhammad Fahd, a 34-year-old man from Pakistan, and his co-conspirator, Ghulam Jiwani, who is believed to be dead.

The two men are charged with paying more than $1 million in bribes to several employees at AT&T's Mobility Customer Care call center in Bothell, Washington.

One AT&T employee made $428,500 in the criminal scheme, DOJ charges.

Catalin Cimpanu at ZDNet reports:

Between April and October 2013, this initial malware collected data on how AT&T infrastructure worked.

According to court documents unsealed yesterday, this malware appears to be a keylogger, having the ability "to gather confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications.

The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock phone's at Fahd's behest, without needing to interact with AT&T employees every time.

In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call center. These devices helped Fahd with gaining access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.

READ MORE:

AT&T employees took bribes to plant malware on the company's network [ZDNet]

Leader of Conspiracy to Illegally Unlock Cell Phones for Profit Extradited from Hong Kong [justice.gov]

From Twitter, below.

If AT&T employees were willing to do this for bribes, it makes you wonder what else they might have done. https://t.co/oZpJ5WDwnp

- Harry McCracken (@harrymccracken) August 6, 2019

Do you have "criminals bribe some of your employees into putting malware in your stuff" in your threat model? https://t.co/7oLSU5O5SI

- Ted (@TedOnPrivacy) August 6, 2019

I don't know that anyone is surprised @ATT allowed this to happen. https://t.co/RKKyCZCWmp

- Robert Stephens (@rstephens) August 6, 2019

Another insider threat case study: extradition & indictment of guy who made millions bribing AT&T employees to release phones from contracts and to install malware enabling same. He was able to recruit multiple employees, even after some were caught:
https://t.co/cGVhIeKhzs

- Bobby Chesney (@BobbyChesney) August 6, 2019

[via techmeme]

External Content
Source RSS or Atom Feed
Feed Location https://boingboing.net/feed
Feed Title
Feed Link https://boingboing.net/
Reply 0 comments