On August 6, the U.S. Department of Justice announced that on August 5, the U.S. District Court for the Western District of Washington unsealed an indictment charging Muhammad Fahd, a Pakistani national, with multiple offenses relating to his leadership of a conspiracy to illegally unlock cellphones for profit. The unsealing of the indictment followed Fahd’s extradition from Hong Kong to the United States on August 2.
The indictment alleges that Fahd, using telephone, Facebook, and other communications channels, contacted and recruited insiders at AT&T, including employees at the AT&T call center in Bethell, Washington, who were willing to take bribes to participate in fraudulently unlocking cellphones. During the course of the conspiracy, which allegedly ran from 2012 to 2017, Fahd and others not connected with AT&T allegedly paid more than $1 million in bribes to AT&T insiders who joined the conspiracy, including one coconspirator who received a total of $428,500.
Fahd allegedly “paid AT&T insiders to use their computer credentials and access to disable AT&T’s proprietary locking software that prevented ineligible phones from being removed from AT&T’s network.” According to the Justice Department, he
would send the employees batches of international mobile equipment identity (IMEI) numbers for cell phones that were not eligible to be removed from AT&T’s network. The employees would then unlock the phones. After some of the co-conspirators were terminated by AT&T, the remaining co-conspirator employees aided Fahd in developing and installing additional tools that would allow Fahd to use the AT&T computers to unlock cell phones from a remote location.
The scheme reportedly “resulted in millions of phones being removed from AT&T service and/or payment plans, costing the company millions of dollars.”
Fahd is charged in 14 counts of the indictment. They include conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act. To date, three of Fahd’s alleged coconspirators have pleaded guilty, “admitting they were paid thousands of dollars for facilitating Fahd’s fraudulent scheme.”
Note: This case should help anti-bribery and corruption (ABC) and cybersecurity compliance officers to recognize the importance of identifying all internal corporate functions that can pose bribery and corruption risk. Although many would not think of call-center operations as a high-risk function, the allegations in the indictment indicate that the defendant was able, even remotely, to exploit call-center employees’ discretion to unlock phones for their personal profit at the expense of their employer.