Gets 12 Years For AT&T Hacking Scheme
September 17, 2021
Overall loss to AT&T estimated at
more than $200 million
A resident of Pakistan was sentenced today in the Western
District of Washington to 12 years in prison for his leadership
role in a seven-year scheme to unlawfully unlock phones to
defraud AT&T Inc. (AT&T). At the sentencing hearing U.S.
District Judge Robert S. Lasnik noted that Fahd had committed a
ďterrible cybercrime over an extended period,Ē even after he was
aware that law enforcement was investigating.
Beginning in 2012, Muhammad Fahd, 35, conspired with others to
recruit AT&T employees at a call center located in Bothell,
Washington, to unlock large numbers of cellular phones for
profit. Fahd recruited and bribed AT&T employees to use their
AT&T credentials to unlock phones for ineligible customers.
Later in the conspiracy, Fahd had the bribed employees install
custom malware and hacking tools that allowed him to unlock
phones remotely from Pakistan. In September 2020, he pleaded
guilty to conspiracy to commit wire fraud.
ďThis defendant is a modern-day cybercriminal who combined his
technological expertise with old-school techniques such as
bribery, intimidation, and exploitation to run a criminal
organization causing $200 million in losses,Ē said Acting U.S.
Attorney Tessa M. Gorman. ďAnd the damage was not just
financial. Sadly, he persuaded and pressured young people into
engaging in criminal conduct, spreading the damage of his greedy
scheme to others.Ē
Cellular phones such as iPhones cost hundreds of dollars. To
make the phones more affordable, during the relevant time, AT&T
subsidized the purchase cost of phones or sold phones to
customers under installment plans. Unlocking a phone effectively
removes it from AT&Tís network, thereby allowing the account
holder to avoid having to pay AT&T for service or to make any
payments for purchase of the phone.
According to records filed in the case, in approximately June or
July of 2012, using the alias ďFrank Zhang,Ē Fahd contacted an
AT & T employee through Facebook. Fahd offered the employee
significant sums of money if the employee would help Fahd
secretly unlock phones at AT&T. Fahd also asked the employee to
recruit other AT&T employees to help with the unauthorized
unlocks. Fahd needed additional AT&T employees to join the
scheme, because Fahd wanted someone to be always available to
expand his ability to do unauthorized unlocks.
Fahd also instructed the recruited employees to set up fake
businesses, and bank accounts for those businesses, to receive
payments, and to create fictitious invoices for every deposit
made into the fake businessesí bank accounts to create the
appearance that the money was payment for genuine services.
In the spring of 2013, AT&T implemented a new unlocking system
that made it more difficult for the bribed employees to unlock
IMEIs for Fahd. In response, Fahd hired a software developer to
design malware that could be installed without authorization on
AT&Tís computer system to unlock phones more efficiently and in
larger numbers. At Fahdís request, the employees provided
confidential information to Fahd about AT&Tís computer system
and unlocking procedures to assist in this process. Fahd also
had the employees install malware on AT&Tís computers that
captured information about AT&Tís computer system and the
network access credentials of other AT&T employees. Fahd
provided the information to his malware developer, so the
developer could tailor the malware to work on AT&Tís computers.
AT&Tís forensic analysis shows the total number of cellular
telephones fraudulently unlocked by members of the scheme was
1,900,033 phones. AT&T has further determined that the loss it
suffered because customers, whose cellular phones were illegally
unlocked, failed to complete payments for their cellular
telephones was $201,497,430.94.
Lasnik ordered restitution of $200,620,698. (The difference
between this amount and the total loss reflects restitution
ordered against bribed AT&T employees in related prosecutions.)
Fahd was indicted in 2017, and arrested in Hong Kong in 2018. He
was extradited and appeared in U.S. District Court in Seattle in
August 2019. He pleaded guilty to conspiracy to commit wire
fraud in September 2020.
This case is the result of an investigation conducted by the
Seattle field office of the United States Secret Service,
IRS-CI, and the U.S. Department of Justice. The Justice
Departmentís Office of International Affairs provided
This case was prosecuted by Assistant U.S. Attorneys Andrew
Friedman and Francis Franze-Nakamura of the Western District of
Washington, and Senior Counsel Anthony Teelucksingh of the
Criminal Divisionís Computer Crime and Intellectual Property