This is quite the 'insider threat' case.
The Department of Justice is charging a Pakistani man with paying AT&T employees more than $1 million in bribes to install malware on the company's network and to install illegal hardware inside AT&T, in a scheme that unlocked more than 2 million mobile devices on the AT&T network.
Read more about the case in the DOJ's announcement here.
Leader of conspiracy to illegally unlock cell phones for profit extradited from Hong Kong — Allegedly bribed workers at AT&T's Bothell, WA Customer Service Center to plant malware and illegally unlock cell phones https://t.co/UX0v0twWRf
— WDWAnews (@WDWAnews) August 5, 2019
DOJ says AT&T employees took the bribes from Muhammad Fahd, a 34-year-old man from Pakistan, and his co-conspirator, Ghulam Jiwani, who is believed to be dead.
The two men are charged with paying more than $1 million in bribes to several employees at AT&T's Mobility Customer Care call center in Bothell, Washington.
One AT&T employee made $428,500 in the criminal scheme, DOJ charges.
Catalin Cimpanu at ZDNet reports:
Between April and October 2013, this initial malware collected data on how AT&T infrastructure worked.
According to court documents unsealed yesterday, this malware appears to be a keylogger, having the ability "to gather confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications."
The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock phones at Fahd's behest, without needing to interact with AT&T employees every time.
In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call center. These devices helped Fahd gain access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.
From Twitter, below.
If AT&T employees were willing to do this for bribes, it makes you wonder what else they might have done. https://t.co/oZpJ5WDwnp
— Harry McCracken (@harrymccracken) August 6, 2019
Do you have "criminals bribe some of your employees into putting malware in your stuff" in your threat model? https://t.co/7oLSU5O5SI
— Ted (@TedOnPrivacy) August 6, 2019
Another insider threat case study: extradition & indictment of guy who made millions bribing AT&T employees to release phones from contracts and to install malware enabling same. He was able to recruit multiple employees, even after some were caught:
— Bobby Chesney (@BobbyChesney) August 6, 2019