How this guy illegally unlocked 2 million android and iPhone cell phones

The U.S. Department of Justice (DOJ) announced that a Pakistani citizen has been sentenced to 12 years in prison after being found guilty of bribing employees of the telecommunications company AT&T, causing them to install malware on their computer systems and allowing illegal access to nearly 2 million smartphones, generating huge losses for the company.

Muhamad Fahd, 35, paid more than $1 million in bribes to the company’s employees over the course of nearly a year, acting in complicity with a now-deceased individual to conduct complex fraud operations.

The scammers began working in 2012, contacting some employees at a Washington-based AT&T call center via Facebook. Fahd promised employees large payments of money if they agreed to unlock the phones so they could be sold and used outside the company’s network. To receive his bribes, the defendant mentioned the creation of shell companies and bank accounts under his control.

Fahd recoused the money invested in the bribes by selling a phone unlocking service through, a platform that is currently out of order.

The defendant continued to carry out his fraudulent scheme for a few months, until in April 2013 AT&T implemented a new process for the unlocking of devices, also firing employees who participated in this illegal operation. By then, Fahd had already hired a malware developer looking for a method to evade the company’s security mechanisms, contacting an employee to convince him to install the malicious software.

According to reports, the malware was basically a keylogger, although it is also mentioned that the attack involved the use of a later-stage variant to enable a remote access point. Although the employee did install the malware, the company’s security teams detected malicious activity related to unlocking devices.

AT&T’s investigation concluded that fraud operators unlocked a total of 1,900,000 iPhone and Android smartphones illegally, equivalent to a loss of more than $200 million USD. In addition to being fired, the employees involved will also face legal process.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.