AT&T lets itself get bribed. The result - notorious malware on the network

Pakistani man accused of bribing AT&T employees

Two Pakistanis bribe AT&T employees to inject malware and unlock phones

News about AT&T taking bribes has spread quickly around the web. According to reports, it all started in April 2012 and continued until September 2017. During this period, a cybercriminal from Pakistan offered bribes to some AT&T employees in exchange for the ability to unlock iPhones and use them outside the company's network, or to install malware on the network.[1] All of this information was first provided by the United States Department of Justice, which has accused the criminal from Pakistan of these actions.

It appears that the main suspect is a 34-year-old man named Muhammad Fahd, also known as Frank Zhang. He, together with his co-conspirator Ghulam Jiwani,[2] was responsible for three businesses: iDevelopment, Connections Inc., and Endless Trading FZE. They won't be able to run these companies anymore, as Muhammad Fahd was arrested in February last year and, according to the charges, is facing 20 years behind bars.

According to the indictment, these two men spent over $1 million to bribe AT&T. The activity took place at the Mobility Customer Care call center in Washington:[3]

Beginning at a date unknown, but no later than April 2012, and continuing through in or about September 2017, at Bothell, within the Western District of Washington, and elsewhere, MUHAMMAD FAHD, aka Frank Zhang, GHULAM JIWANI, and others known and unknown to the Grand Jury, did knowingly and intentionally, agree and conspire to devise and execute and attempt to execute, a scheme and artifice to defraud, and for obtaining money and property by means of materially false and fraudulent pretenses, representations, and promises; and in executing and attempting to execute this scheme and artifice, to knowingly cause to be transmitted in interstate and foreign commerce, by means of wire communication, certain signs, signals and sounds as further described below, in violation of Title 18, United States Code, Section 1343.

The main goal was to inject malware used to spy on the company's inner processes

The two criminals who decided to bribe AT&T made contact with its employees by telephone or through Facebook messages. Also, it is known that some email communication was performed via the email address. Those who accepted the offer received the money by transfer to their bank accounts or in cash. In exchange, the employees had to encode some mobile phone IMEIs for the crooks.[4]

In April 2013, a lot of employees left the company or were forced to leave, so the activity had to stop. The criminals then renewed their bribery, but this time for a different and even more malicious purpose: the crooks decided to convince AT&T employees to take the money and let them install a piece of malware on AT&T's network.

According to the statement released by the court, the malicious software appeared to be a keylogger capable of gathering various sensitive information about the structure and operation of the company's machines and software.

AT&T is facing around $5 million in losses per year due to the malicious activity

Muhammad Fahd also created a malicious component designed to misuse AT&T workers' credentials and perform actions in the company's applications independently, e.g. unlocking mobile phones without any further interaction with the organization's employees. Another thing that helped the hacker access the network and unlock mobile devices was the planting of bogus wireless access points.

Sadly, many of these actions brought the crooks considerable success, as the men managed to encode over 2 million phones, some of which cost $500 or a similar amount.[5] However, to achieve this, the criminals needed to transfer a very large amount of money, $1 million in total. $428,500 of that million was transferred to just ONE worker from AT&T.[6] Even though the whole group of criminals has already been brought to light, the losses for AT&T still remain unknown. It is believed that they are over $5 million per year.

About the author
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor's degree was in English Philology.
