![](\"https:\/\/media.wired.com\/photos\/5d49d6c2b8989800097b9448\/master\/pass\/security_bribery_484555426.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Louise Matsakis| Date: Wed, 07 Aug 2019 20:51:25 +0000<\/strong><\/p>\n A dramatic saga <\/span>that began with a civil lawsuit between AT&T and former employees has resulted in a high-profile arrest. Muhammad Fahd, 34, and his co-conspirators allegedly paid AT&T employees more than $1 million in bribes over five years to install malware and spying devices at their offices in Washington, according to a Department of Justice indictment<\/a> unsealed Monday. Fahd was first arrested in Hong Kong in February 2018, and was extradited to the United States Friday. He is accused of orchestrating an elaborate conspiracy from the other side of the world, designed not to steal sensitive customer data or proprietary information but to illegally \u201cunlock\u201d more than 2 million AT&T cell phones.<\/p>\n The newest iPhones<\/a> and Android smartphones can now cost upwards of $700. To afford them, millions of Americans sign one- or two-year contracts with their mobile carriers, which allows them to pay for their phones in monthly installments. As a protection against theft, carriers \u201clock\u201d the devices, stopping them from being easily sold or used with another mobile network. Customers can request to unlock their phones for valid reasons like traveling overseas, but an ecosystem of shady entities has sprung up that offer to do it without proper authorization. Some claim to carry out the process via technical means, but Fahd and those who worked with him are accused of recruiting AT&T employees to help unlock phones from the inside, paying one worker as much as $428,500 over five years.<\/p>\n The indictment unsealed this week is just the latest development in a case that\u2019s been playing out in US courts for years. In 2015, AT&T filed a civil lawsuit<\/a> against three former employees in connection with a phone unlocking scheme. Kyra Evans, Marc Sapatin, and Nguyen Lam all worked in an AT&T customer call center in Bothell, Washington, where AT&T alleged they unlocked thousands of phones by installing malware on company computers. The lawsuit also named anonymous John Doe defendants who allegedly helped run the operation. According to the lawsuit, AT&T was tipped off to their activity in September 2013, when IT staff noticed a surge in unlock requests, which \u201coccurred within milliseconds of one another, suggesting the use of an automated or scripted process.\u201d The lawsuit was halted a month after it was filed, when some of the defendants learned they were \u201ctargets of a long-running federal criminal investigation\u201d that had already been underway for more than two years<\/em>.<\/p>\n Federal investigators were after more than a handful of call center workers. They were looking for the operation\u2019s leaders. Last fall, Evans, Sapatin, and a third ex-employee not named in the 2015 lawsuit, DeVaughn Woods, reached plea agreements with the US government. All three pleaded guilty to charges connected to their dealings with Fahd, and agreed to testify against him at trial, according to court documents<\/a>. Fahd has now been charged with wire fraud, accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act, among other charges. The indictment names another co-conspirator, Ghulam Jiwani, who court documents say passed away while in custody in Hong Kong.<\/p>\n \u201cWe have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments,\u201d a spokesperson for AT&T said in an email. Lawyers for Fahd, Evans, Lam, Woods, and Sapatin did not immediately respond to requests for comment. The AT&T spokesperson said the company didn\u2019t have anything additional to share about the status of the civil lawsuit.<\/p>\n The Justice Department\u2019s charges describe an elaborate ruse that began in 2012. At first, the indictment alleges, Fahd and Jiwani ran their unlocking business without the use of any fancy technology. Fahd reached out to the AT&T employees on Facebook, over the phone, and through other means, often going by "Frank" or "Frankie." He then offered to pay them for unlocking AT&T devices, which they normally could in response to legitimate customer requests. Fahd instructed them to communicate with him using prepaid cell phones and anonymous email addresses, according to court records. Once they were on board, the workers were given lists of international mobile equipment identity numbers\u2014unique to each device\u2014and told to free the phones from their associated AT&T contract plans. To receive their payments, the AT&T workers were told to set up business banking accounts and fake shell companies. One even traveled to Dubai to accept a bribe, according to the DOJ.<\/p>\n Jiwani and Fahd\u2019s scheme soon grew more complex, according to the indictment. In April 2013, they began asking AT&T employees to install malware on their work computers, which was designed to observe how the company\u2019s network functioned. Using that information, they developed a software program that made it possible to carry out the unlocking process remotely, ostensibly so bribed employees didn\u2019t need to enter each IMEI number manually at their desk. Six months later, Fahd and Jiwani ran into a problem: AT&T had discovered their malware, and several of the employees who were using it subsequently left the company or were fired, including Evans, Sapatin, and Lam. But the hiccup didn\u2019t stop the scam for very long.<\/p>\n Not all of the bribed AT&T employees were apparently caught. Fahd allegedly went on to instruct the remaining workers to install not only malware but also hardware devices, which were used to process unauthorized unlock requests until approximately September 2017. All the while, federal authorities were apparently investigating the criminal activity, according to court documents. In February of 2018, Fahd was finally arrested. He made his first appearance in a Seattle federal court on Monday.<\/p>\n There\u2019s an enormous, global appetite for secondhand smartphones, which are useless if still tethered to years-long contracts with US carriers like AT&T. The DOJ\u2019s indictment provides a glimpse at some of the ways that demand is met. \u201cThe wireless industry has frequently fallen victim to large-scale phone trafficking operations in which illegal operators buy or steal large quantities of phones,\u201d lawyers for AT&T wrote in their original 2015 lawsuit. They \u201cunlock them, and resell them in foreign markets.\u201d<\/p>\n The case is also evidence of a cybersecurity threat that\u2019s proven difficult for wireless carriers to combat: their own customer service employees. Customer service reps need access to sensitive data and tools in order to do their jobs, but they may also be overworked<\/a> and poorly compensated. In a separate case from May, the Department of Justice accused<\/a> two former AT&T contract employees and one Verizon employee of providing customer information in exchange for bribes, which was used to steal victims\u2019 phone numbers<\/a>.<\/p>\n