A DOJ case opened against Muhammad Fahd, 34, from Pakistan, and his co-conspirator, Ghulam Jiwani, believed to be dead, says that the pair paid AT&T employees at company's Mobility Customer Care call centre in Bothell, Washington more than a million dollars.
The bribery scheme lasted from at least April 2012 until September 2017. Initially, the two Pakistani men bribed AT&T employees to unlock expensive iPhones so they could be used outside AT&T's network.
Employees received lists of IMEI phone codes which they had to unlock for cash. Employees would then receive bribes in their bank accounts, in shell companies they created, or as cash, from the two Pakistani men.
This initial stage of the scheme lasted funtil April 2013, when several employees left or were fired by AT&T.
Fahd changed tactics and started bribing AT&T employees to install a keylogger on at the Bothell call centre. Between April and October 2013, this initial malware collected data on how AT&T infrastructure worked.
This gave Fahd the ability "to gather confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications".
The DOJ said Fahd and his co-conspirator then created a second malware strain that used the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock iPhones at will.
In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call centre.
These devices helped Fahd to gain access to AT&T internal apps and network and continue the rogue phone unlocking scheme.
One AT&T employee made $428,500
The DOJ claims Fahd and Jiwani paid more than $1 million in bribes to AT&T employees, and successfully unlocked more than two million devices, most of which were iPhones. One AT&T employee received more than $428,500 in bribes over five years, investigators said.
Fahd was arrested in Hong Kong in February 2018, and extradited to the US on August 2, last week. He now faces a litany of charges that may send him behind bars for up to 20 years.
AT&T estimated it lost revenue of more than $5 million/year from Fahd's phone unlocking scheme.