AT&T says it lost $5 million a year from illegal unlocking scheme
A man has been accused of paying employees of AT&T over a five-year period to illegally unlock large numbers of iPhones and other devices, an act that is alleged to have cost the carrier an average of around $5 million per year in lost revenue.
Pakistan citizen Muhammad Fahd was charged on Monday on a 14-count federal indictment, including conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act.
The Department of Justice advised Fahd was arrested on February 4, 2018 in Hong Kong at the request of the United States, but was only extradited on August 2, 2019. The case itself was investigated by the US Secret Service Electronic Crimes Task Force.
The charges stem from a scheme where Fahd and co-conspirators recruited AT&T employees with access to customer accounts, with the aim of unlocking iPhones and other smartphones between 2012 and 2017. AT&T used proprietary locking software, preventing the hardware from being used on another carrier while it was still under contract to the company, something which Fahd sought to disable on devices.
Over the period, Fahd gathered a group of employees within AT&T that had access to systems for unlocking devices. Under the scheme, Fahd would send IMEI numbers to the compromised employees for devices that were not eligible for unlocking through normal channels, such as iPhones that are too new and need to be paid off through fees to the carrier beforehand.
It is claimed Fahd paid thousands of dollars in bribes to employees, with one receiving $428,500 over the course of the five-year scheme. Some early employees were also paid to discover others within AT&T who would be susceptible to a bribe and could join the scheme.
After some of the employees in the scheme were fired by AT&T, the tactics of the group changed to the development of malware to gain direct access to AT&T's systems. Using this access, Fahd was able to make requests for cellphone unlocks remotely.
It is believed Fahd has paid out in excess of $1 million over the five years to his recruits, but the cost to AT&T was far higher. More than 2 million devices were unlocked fraudulently through AT&T, with conservative estimates of losses to the carrier running to roughly $5 million per year of the five years, or $25 million in total.
"This defendant thought he could safely run his bribery and hacking scheme from overseas, making millions of dollars while he induced young workers to choose greed over ethical conduct," said U.S. Attorney Brian T. Moran. "Now he will be held accountable for the fraud and the lives he has derailed."
The charges are punishable by up to 20 years in prison if Fahd is found guilty.
Pakistan citizen Muhammad Fahd was charged on Monday on a 14-count federal indictment, including conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act.
The Department of Justice advised Fahd was arrested on February 4, 2018 in Hong Kong at the request of the United States, but was only extradited on August 2, 2019. The case itself was investigated by the US Secret Service Electronic Crimes Task Force.
The charges stem from a scheme where Fahd and co-conspirators recruited AT&T employees with access to customer accounts, with the aim of unlocking iPhones and other smartphones between 2012 and 2017. AT&T used proprietary locking software, preventing the hardware from being used on another carrier while it was still under contract to the company, something which Fahd sought to disable on devices.
Over the period, Fahd gathered a group of employees within AT&T that had access to systems for unlocking devices. Under the scheme, Fahd would send IMEI numbers to the compromised employees for devices that were not eligible for unlocking through normal channels, such as iPhones that are too new and need to be paid off through fees to the carrier beforehand.
It is claimed Fahd paid thousands of dollars in bribes to employees, with one receiving $428,500 over the course of the five-year scheme. Some early employees were also paid to discover others within AT&T who would be susceptible to a bribe and could join the scheme.
After some of the employees in the scheme were fired by AT&T, the tactics of the group changed to the development of malware to gain direct access to AT&T's systems. Using this access, Fahd was able to make requests for cellphone unlocks remotely.
It is believed Fahd has paid out in excess of $1 million over the five years to his recruits, but the cost to AT&T was far higher. More than 2 million devices were unlocked fraudulently through AT&T, with conservative estimates of losses to the carrier running to roughly $5 million per year of the five years, or $25 million in total.
"This defendant thought he could safely run his bribery and hacking scheme from overseas, making millions of dollars while he induced young workers to choose greed over ethical conduct," said U.S. Attorney Brian T. Moran. "Now he will be held accountable for the fraud and the lives he has derailed."
The charges are punishable by up to 20 years in prison if Fahd is found guilty.
Case 2 17 Cr 00290 RSL Fahd Indictment by Mike Wuerthele on Scribd
Comments
(To be fair, I have only had AT&T unlock a phone one time and it was pretty easy for me, though I have heard many stories where they did not make the process easy when a phone was clearly eligible to be unlocked)
In both cases they said it could take 24 to 72 hours to unlock and but they happen in 5 or 10 minutes. I never had the issues most people complained about. I think this could be due to the fact all the phones I unlocked were never under contract with AT&T. Many years ago we stop doing the so called free upgrades with AT&T we either bought them outright or financed them through Apple when Apple started to offer this service.
That said, phones should not be permitted to be locked to a carrier. If the person signs an agreement to make monthly payments or gets a discount on the phone for staying with the carrier for a certain term, then the only recourse the carrier should have is to demand payment in full for the phone immediately and any discounts that were given taken back. But people should be able to take a phone to any carrier that it will operate on without any carrier intervention needed.
AT&T is saying two million iPhones & other devices over a five year period.
I find those numbers to be unrealistic.
Well, sorta... Maybe....
Of course, they had the option of saying "No".
Sources: personal experience, a Verizon store manager, and an AT&T assistant manager.
From the iPhone Upgrade Program page on apple.com:
"Works with your carrier.
Also, “You'll be able to pick your carrier, since the device you get will be unlocked and supports 25 LTE bands.” from https://www.tomsguide.com/us/iphone-upgrade-program-faq,news-21583.html
Now Verizon was able to bamboozle the FCC to allow them to start locking devices for 60 days after they are bought new. They claim that they loose money if you buy a device from them and unlock it and leave their service. Presumably because they probably sell devices at a loss and make up the difference in the service. I doubt that happens with an iPhone and more with an android device.
If you buy an older model iPhone new and have no contract with your carrier, and are buying it outright, you should be able to unlock it, if it is locked.
If you buy your iPhones from an Apple store, they should be able to tell you if the device is locked or not before you leave the store.
PS. Even though the EU requires the carriers to sell you unlocked phones doesn’t always mean that they come that way. Some used to only unlock them if you ask them, not automatically.