WASHINGTON: A US court has sentenced a Pakistani to 12 years in prison for illegally unlocking mobile phones, which caused an American Company — AT&T — to lose $200 million.

According to the US Attorney’s Office in Seattle, Mohammad Fahd, 35, of Karachi played a “leadership role in a seven-year scheme to unlawfully unlock phones to defraud AT&T”.

AT&T’s forensic analysis, quoted in the official statement, shows that Fahd and his co-conspirator unlocked as many as 1,900,033 phones. This caused the company to lose $201,497,430 and 94 cents in seven years.

At the sentencing hearing, US District Judge Robert S. Lasnik noted that Fahd had committed a “terrible cybercrime over an extended period”, even after he was aware that law enforcement was monitoring him.

Fahd began his scam in 2012 and conspired with others to recruit AT&T employees at a call centre located in Bothell, Washington, to unlock large numbers of cellular phones for profit.

Fahd unlawfully unlocked phones to defraud AT&T

Fahd recruited and bribed AT&T employees to use their AT&T credentials to unlock phones for ineligible customers. Later, Fahd had bribed employees to install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan. In September 2020, he pleaded guilty to conspiracy to commit wire fraud.

“This defendant is a modern-day cybercriminal who combined his technological expertise with old-school techniques such as bribery, intimidation, and exploitation to run a criminal organisation causing $200 million in losses,” said Acting US Attorney Tessa M. Gorman.

“And the damage was not just financial. Sadly, he persuaded and pressured young people into engaging in criminal conduct, spreading the damage of his greedy scheme to others.”

Cellular phones cost hundreds of dollars but American companies subsidise the purchase cost if customers buy their service as well. The companies also offer phones to potential customers under installment plans. Unlocking a phone effectively removes it from a network, allowing the account holder to go to a cheaper service provider without paying the instalments and other charges included in the contract.

A statement released by the Seattle attorney’s office, between June and July 2012, Fahd contacted an AT&T employee through Facebook, using the alias “Frank Zhang”. He offered the employee significant sums of money if the employee would help him secretly unlock phones at AT&T.

Fahd also asked the employee to recruit other AT&T employees to help with the unauthorised unlocks.

“Fahd needed additional AT&T employees to join the scheme, because he wanted someone to be always available to expand his ability to do unauthorised unlocks,” the attorney’s office said.

Fahd also instructed the recruited employees to set up fake businesses, and bank accounts to receive payments. He urged them to make fictitious invoices for every deposit made into the fake businesses’ bank accounts to create the appearance that the money was payment for genuine services.

In the spring of 2013, AT&T implemented a new unlocking system that made it more difficult for the bribed employees to unlock phones for Fahd. In response, Fahd hired a software developer to design malware that could be installed without authorisation on AT&T’s computer system to unlock phones more efficiently and in larger numbers.

At Fahd’s request, the employees provided confidential information to him about AT&T’s computer system and unlocking procedures to assist in this process.

Fahd also had the employees install malware on AT&T’s computers that captured information about AT&T’s computer system and the network access credentials of other AT&T employees. Fahd provided the information to his malware developer, so the developer could tailor the malware to work on AT&T’s computers.

Judge Lasnik ordered restitution of $200,620,698. The difference between this amount and the total loss reflects restitution ordered against bribed AT&T employees in related prosecutions.

Fahd was indicted in 2017 and arrested in Hong Kong in 2018. He was extradited and appeared in US District Court in Seattle in August 2019. He pleaded guilty to conspiracy to commit wire fraud in September 2020.

Published in Dawn, September 21st, 2021