When Congress legalized phone unlocking in 2014, they added a bunch of carve-outs that let phone companies veto your attempt to unlock your phone, with the big one being that you couldn't unlock your phone while you were still in a contract that provided it to you at a reduced price.
That meant that you couldn't (for example) unlock your phone so you could use it with a foreign SIM while traveling, or simply continue to pay your bill to the company that sold you the phone while using another company's SIM to get cheaper data or some other desirable service.
This created a black market in unauthorized phone unlocking.
The DOJ has just indicted Muhammad Fahd and extradited him from Hong Kong, claiming that he paid out $420,000 to AT&T employees in a five-year fraud operation that resulted in his unlocking of millions of phones.
The indictment says that Fahd systematized his operation, paying insiders to install malware and compromised routers that let him have the run of AT&T's network so he could unlock phones on his own. These insiders have pleaded guilty and are apparently going to give testimony against Fahd.
The DOJ estimates that, in total, his actions cost AT&T millions of dollars in lost revenue as phones were transferred off its network. Forbes reports that Fahd would take payments from customers who were looking to unlock their phones and leave AT&T's network. He would make payments to his AT&T contacts via a series of front companies after initially approaching them over Facebook Messenger or via a telephone call. Three of these insiders have already pleaded guilty to being paid to participate in the scheme.
Hacker paid AT&T employees thousands of dollars to unlock millions of phones, DOJ claims
[Jon Porter/The Verge]