fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

AT&T Lost $200M in Seven Years to Illegal Phone Unlocking Scheme

AT&T Lost $200M in Seven Years to Illegal Phone Unlocking Scheme

A Pakistani fraudster was sentenced to 12 years in prison earlier this week after AT&T, the world’s largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven-year scheme that led to the fraudulent unlocking of almost 2 million phones.

Throughout this operation, Muhammad Fahd — the scheme leader — bribed multiple AT&T employees to do his bidding, including unlocking phones, giving him access to their credentials, and installing malware that gave him remote access to the mobile carrier’s servers.

“Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call center located in Bothell, Washington, to unlock large numbers of cellular phones for profit,” the Department of Justice (DOJ) said.

“Fahd recruited and bribed AT&T employees to use their AT&T credentials to unlock phones for ineligible customers.

“Later in the conspiracy, Fahd had the bribed employees install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan.”

Also Read: Top 3 Common Data Protection Mistakes, Revealed

Bribes, malware, and rogue wireless access points

Between the summer of 2012 and April 2013, Fahd recruited AT&T employees as insiders by bribing them with hundreds of thousands of dollars to remove the carrier’s protection that locked cellular phones to its network.

Starting with April 2013, the fraudster was forced to hire a malware developer to design malicious tools after AT&T introduced a new unlocking system that prevented corrupt employees from continuing unlocking phones on his behalf.

Once deployed on the company’s network by bribed employees, the malware collected enough info to create additional malware, which the fraudsters used to remotely “process fraudulent and unauthorized unlock requests” from Pakistan.

From November 2014 to September 2017, Fahd and several conspirators also bribed AT&T employees to plant hardware devices (such as wireless access points) on the carrier’s internal network.

After this breach, the conspirators gained the access they needed to AT&T’s systems to automate the “process of submitting fraudulent and unauthorized unlock requests.

Throughout the scheme, Fahd and his co-conspirators used multiple shell companies to cover-up their illegal activity, including Swift Unlocks Inc, Endless Trading FZE (aka Endless Trading FZC), Endless Connections Inc, and iDevelopment Co according to the indictment.

Continued unlocking phones although aware of ongoing investigation

AT&T found that 1,900,033 cellular phones were illegally unlocked by conspirators behind this scheme, resulting in $201,497,430.94 of losses due to lost payments.

The company also sued former employees fired after discovering they were bribed into illegally unlocking phones and planting malware and malicious tools on its network.

“We’re seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network,” AT&T said in a statement to GeekWire at the time.

“It’s important to note that this did not involve any improper access of customer information, or any adverse effect on our customers.”

Fahd was arrested in Hong Kong in February 2018 and he was extradited to the US in August 2019.

He remained in jail until he was sentenced earlier this week to 12 years in prison after pleading to conspiracy to commit wire fraud in September 2020.

Also Read: The Financial Cost of Ransomware Attack

“At the sentencing hearing U.S. District Judge Robert S. Lasnik for the Western District of Washington noted that Fahd had committed a ‘terrible cybercrime over an extended period,’ even after he was aware that law enforcement was investigating,” the DOJ added.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us