A US district court has sentenced a man who unlocked 1.9 million phones to 12 years in prison. Muhammad Fahd continued to defraud the company even after learning of an investigation against him, according to the Department of Justice. At Fahd's sentencing hearing, Judge Robert S. Lasnik said he committed a “terrible cybercrime over an extended period,” with AT&T said to have lost $201.5 million as a result.
Fahd contacted an AT&T employee through Facebook in 2012 and bribed them to help him unlock customers' phones with "significant sums of money," . Fahd, a citizen of Pakistan and Grenada, urged the employee to recruit co-workers at a Bothell, Washington call center for the scheme too.
The DOJ says the employees unlocked phones for "ineligible customers," who paid Fahd a fee. In spring 2013, AT&T rolled out a system that made it more difficult for the employees to unlock IMEIs. Fahd then recruited an engineer to build malware that would be installed on AT&T's systems to help him unlock phones more efficiently and remotely. The DOJ says the employees gave Fahd details about the company's systems and unlocking methods to aid that process. The malware is said to have obtained information about the system and other AT&T employees' access credentials. The developer used those details to modify the malware.
AT&T claims Fahd and his associates unlocked just over 1.9 million phones through the scheme. The company says because of the unlocks, customers didn't complete payments on their devices, leading to the nine-figure loss.
Fahd was arrested in Hong Kong in 2018 following a 2017 indictment. He was extradited to the US and pleaded guilty to conspiracy to commit wire fraud in September 2020.