by Karl Bode, techdirt
The DOJ recently announced that AT&T employees have been paid more than $1 million in bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company’s network. According to the full DOJ complaint (pdf), Muhammad Fahd, a 34 year-old man from Pakistan and a (presumed dead) co-conspirator, Ghulam Jiwani, paid off AT&T employees at the company’s Mobility Customer Care call center in Bothell, Washington. In return, from April 2012 until September 2017, the two men unlocked iPhones so they could be used on another carrier’s network.
Worse, the bribed employees happily installed malware and keyloggers providing broad access to the AT&T network. That includes keyloggers intended to gather data on AT&T’s internal systems and processes:
“The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T’s internal application to unlock phone’s at Fahd’s behest, without needing to interact with AT&T employees every time. In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T’s Bothell call center. These devices helped Fahd with gaining access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.”
© 2019 techdirt