1.) How is unlocking a phone "malware"? Isn't the lock malware, and the unlocking serves the owner of the device? Calling it malware reeks of regurgitating AT&T propaganda.
2.) How did this "deprive AT&T of the stream of payments it was owned under the customers’ service contracts and installment plans."? A phone getting unlocked doesn't void a contract, so those customers are still on the hook.
1. It's malware from the perspective of the entity whose computers it was installed on. To respond to your meta-point, phone locks are merely a technical control to help ensure consumers abide by their contractual obligations. At least, this is the case since companies have been obligated to offer unlocks for phones whose contracts are paid off.
2. Presumably, it's a combination of a number of mechanisms, like judgment-proof consumers or identity thieves unlocking and reselling devices.
It sounds like he had to install malware in the call center / AT&T remote location so he could get the unlock codes remotely. "Malware" is probably not the correct term.
Once the phone is ported to another network, the original provider is basically SOL, contract or no.
>Fahd allegedly recruited AT&T “insiders” to install malware programs that gathered confidential information and submitted unlock requests using employee credentials via a remote server.
Sounds like the malware was stealing creds to be used to unlock the phones.
Many of these devices are unlocked in bulk and sold overseas. This deprives them of the payments that they expected for fronting the cost of the device.
I recently had to contact support and through chat support the person said they were adding notes to my account. Of course when I call support another day they have no record of this. They then proceed to forward my call to 2 other departments each of which has no idea why I'm calling. I talked to each of these people for several minutes.
> “Now he will be held accountable for the fraud and the lives he has derailed.”
Whoa there. What? Yes, he's committed a crime and should be held accountable for that. But..
Who's lives has he derailed? If I was to accept a bribe to commit a crime, nobody is derailing my life but me - to say anything else suggests a level of intelligence bordering on inability to understand and take responsibility for my actions. Can I use this defence for non bribery related crimes? How about assassin for hire?
Prosecute him for the crimes he committed and prosecute those who accepted bribes for their crimes. Theres just no reason to exaggerate like this.
Edit: And, to add, I dislike the discount / rental / lock in model the carriers use, but it does sound like crimes were committed.
I guess you could consider all of the employees that got fired/will get fired/left before they got fired. Their lives got derailed but that's on them. No one held a gun to their head, this guy was on the other side of the world and convinced some AT&T techs to do this for money. If they were willing to install malware for money, AT&T is just lucky the guy was only after unlocked phones. I'm sure the employee handbook doesn't explicitly say "don't install malware for strange Pakistani men for money" but I'm sure they had enough training to put all of the pieces together...
If you profit off of a violent crime by making that crime more profitable, I believe you are morally culpable in that crime.
This person made muggings more profitable, and profited from it. If there was even one concussion from a mugging that otherwise wouldn't have happened, I would say that's a life derailed. Not provable, but likely.
Looks like they completely buried the lead. That is, US carriers use proprietary hardware/software devices to establish and maintain a profitable strangle-hold on the consumer.
No doubt the law the broken. There's no justification for that. However, the lead is the lead is the lead, and it's burried.
I bought an ATT locked iPhone SE from Ebay just 2 months ago. The unlocking process was essentially just going to ATT website and typing in the IMEI and they unlock it within 15 minutes for free. I assume all the "pay $10 to unlock your phone" services are just counting on the average person being too lazy to discover your can just do the legwork yourself.
His methods were illegal but can we please recognize this guy for being an ABSOLUTE HERO for unlocking all those phones and giving the people what they wanted.
A contract was violated when these phones were unlocked. In return for a locked phone the buyer received a subsidy from AT&T on the cost of the hardware. I don't want people to violate contracts with me, why should I recognize someone as a hero just because I don't like the contract?
To be absolutely clear, I don't like locked phones, either, so I always buy non-carrier-locked devices and it means I pay the full, unsubsidized hardware price.
The people can get what they want by buying an unlocked phone. It's not like it's hard. I haven't bought a provider-locked phone in over a decade, because I move and travel a lot. This guy is a criminal, plain and simple.
Companies need to assume that their network is compromised.
Ignoring anything else that means they need to adopt E2E encryption for all user data (except where legally mandated to be insecure, or when the data has a fundamental need to be accessible - e.g. your bank needs to know how much money you have). Anything else, including dumbass politicians demanding magic crypto, makes your user data a valuable and achievable target.
Wait... what? The "malware" just unlocked the phones' carrier locks? Was it the phones' owners who were paying him to unlock them from AT&T? Why is an illegal scheme even necessary for doing that? I'm quite confused.
Why is illegal scheme necessary to create derivative works of Mickey mouse? Because this world, while being peaceful, is overrun with hostile actors at every corner.
Absolutely no pity for at&t, and please tell me where I can contribute to the defense fund. Phone locking is idiotic and anyone working against that is my hero.
ATT is such a horrible, rent seeking parasite on our economy, I'm rooting for whoever is redistributing that wealth. I'm not too fond of the guy, but the enemies of my enemies can be friends.
I think it's very important to note the long-term crappy treatment of AT&T employees by management - most recently illustrated by the wholesale transfer of thousands of senior IT people to IBM (an even worse employer, doubtlessly for off-the-AT&T books elimination).
A good employer, and most are better than AT&T, has a certain level of loyalty as a defense. This bribe thing doesn't surprise me one tiny bit.
>The indictment doesn’t get into how Fahd was caught. He was arrested in Hong Kong in February 2018 at the request of U.S. authorities. Fahd was extradited from Hong Kong to the U.S. last week to face 14 different charges in federal court
interesting that extradiction to US is ok while to mainland China - isnt. Speaks volumes about whom HK people trusts more, and it doesn't look very promising wrt. peaceful and harmonious full integration of HK.
Wrt. the original post - impressive that AT&T couldnt notice what was happening at that scale for that long. Somebody need to sell them one more audit software package.
> The indictment doesn’t get into how Fahd was caught. He was arrested in Hong Kong in February 2018 at the request of U.S. authorities. Fahd was extradited from Hong Kong to the U.S. last week to face 14 different charges in federal court in Seattle, including wire fraud, violating the Travel Act and intentional damage to a protected computer.
How was Edward Snowden allowed to chill in Hong Kong? Was it because the indictment/extradition request was political and they don't honor those on our behalf? I thought HK just ignored US arrest warrants.
I wonder what the footprint is do the SIM hijacking, e.g. is anyone a sufficiently high enough bribe away from the type of scheme that compromises their account because it only takes 1 employee to effect it.
I've been switching to hardware keys when I'm able but it's not always feasible. I just bought a Titan key combo and you can't use most 3rd party email clients with it so that made it kind of useless to me (since Gmail's mail app isn't that great)
Fraudulent SIM swaps are already being done and it's a lot less sophisticated than this - just show up to a store with a fake ID (or bribe the low-wage employee who isn't paid enough to give a shit so I can't really blame them).
This is one of the problems with the cloud as well. You assume your website is well and safe but a Digital Ocean (or whatever) employee could always hack it.
this is one of the problems with datacenters as well. you assume your router is well and safe but the NSA (or whatever) employee could always intercept it in transit and hack it.
It's possible that some executive wanted to cover it up to avoid the embarrassment of having this happen on their watch. If they press charges, the matter becomes public (both inside and outside the company). If they let the perpetrators walk, nobody finds out (or so they might have thought).
[+] [-] deogeo|6 years ago|reply
2.) How did this "deprive AT&T of the stream of payments it was owned under the customers’ service contracts and installment plans."? A phone getting unlocked doesn't void a contract, so those customers are still on the hook.
[+] [-] ljf|6 years ago|reply
[+] [-] ijpoijpoihpiuoh|6 years ago|reply
2. Presumably, it's a combination of a number of mechanisms, like judgment-proof consumers or identity thieves unlocking and reselling devices.
[+] [-] icedchai|6 years ago|reply
Once the phone is ported to another network, the original provider is basically SOL, contract or no.
[+] [-] some_random|6 years ago|reply
>Fahd allegedly recruited AT&T “insiders” to install malware programs that gathered confidential information and submitted unlock requests using employee credentials via a remote server.
Sounds like the malware was stealing creds to be used to unlock the phones.
[+] [-] 3xblah|6 years ago|reply
Those are just allegations, not facts.
[+] [-] Causality1|6 years ago|reply
[+] [-] DaniloDias|6 years ago|reply
[+] [-] spectrum1234|6 years ago|reply
I recently had to contact support and through chat support the person said they were adding notes to my account. Of course when I call support another day they have no record of this. They then proceed to forward my call to 2 other departments each of which has no idea why I'm calling. I talked to each of these people for several minutes.
How can a company possibly function like this?
[+] [-] kiallmacinnes|6 years ago|reply
Whoa there. What? Yes, he's committed a crime and should be held accountable for that. But..
Who's lives has he derailed? If I was to accept a bribe to commit a crime, nobody is derailing my life but me - to say anything else suggests a level of intelligence bordering on inability to understand and take responsibility for my actions. Can I use this defence for non bribery related crimes? How about assassin for hire?
Prosecute him for the crimes he committed and prosecute those who accepted bribes for their crimes. Theres just no reason to exaggerate like this.
Edit: And, to add, I dislike the discount / rental / lock in model the carriers use, but it does sound like crimes were committed.
[+] [-] moftz|6 years ago|reply
[+] [-] brentm|6 years ago|reply
[+] [-] cortesoft|6 years ago|reply
[+] [-] bitcurious|6 years ago|reply
This person made muggings more profitable, and profited from it. If there was even one concussion from a mugging that otherwise wouldn't have happened, I would say that's a life derailed. Not provable, but likely.
[+] [-] gowld|6 years ago|reply
[+] [-] chiefalchemist|6 years ago|reply
No doubt the law the broken. There's no justification for that. However, the lead is the lead is the lead, and it's burried.
[+] [-] alfalfasprout|6 years ago|reply
[+] [-] chendragon|6 years ago|reply
Usually they say something about servers and "sending your IMEI to the server" etc, and sometimes it can take a certain number of hours.
[+] [-] gruez|6 years ago|reply
[+] [-] JRKrause|6 years ago|reply
[+] [-] 55555|6 years ago|reply
[+] [-] jzunit|6 years ago|reply
[+] [-] jdblair|6 years ago|reply
To be absolutely clear, I don't like locked phones, either, so I always buy non-carrier-locked devices and it means I pay the full, unsubsidized hardware price.
[edited to fix a typo]
[+] [-] intopieces|6 years ago|reply
[+] [-] caymanjim|6 years ago|reply
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] 0x262d|6 years ago|reply
[+] [-] olliej|6 years ago|reply
Ignoring anything else that means they need to adopt E2E encryption for all user data (except where legally mandated to be insecure, or when the data has a fundamental need to be accessible - e.g. your bank needs to know how much money you have). Anything else, including dumbass politicians demanding magic crypto, makes your user data a valuable and achievable target.
[+] [-] _bxg1|6 years ago|reply
[+] [-] gear54rus|6 years ago|reply
[+] [-] thedanbob|6 years ago|reply
[+] [-] dmitrygr|6 years ago|reply
[+] [-] Humdeee|6 years ago|reply
Corrected:
> ... while he induced young workers to choose ethical conduct over corporate greed
[+] [-] 4ntonius8lock|6 years ago|reply
Did he commit a crime? Yes.
Did he commit a crime against criminals? Yes.
ATT is such a horrible, rent seeking parasite on our economy, I'm rooting for whoever is redistributing that wealth. I'm not too fond of the guy, but the enemies of my enemies can be friends.
[+] [-] pinewurst|6 years ago|reply
A good employer, and most are better than AT&T, has a certain level of loyalty as a defense. This bribe thing doesn't surprise me one tiny bit.
[+] [-] trhway|6 years ago|reply
interesting that extradiction to US is ok while to mainland China - isnt. Speaks volumes about whom HK people trusts more, and it doesn't look very promising wrt. peaceful and harmonious full integration of HK.
Wrt. the original post - impressive that AT&T couldnt notice what was happening at that scale for that long. Somebody need to sell them one more audit software package.
[+] [-] 55555|6 years ago|reply
How was Edward Snowden allowed to chill in Hong Kong? Was it because the indictment/extradition request was political and they don't honor those on our behalf? I thought HK just ignored US arrest warrants.
[+] [-] lawnchair_larry|6 years ago|reply
[+] [-] sundayedition|6 years ago|reply
I've been switching to hardware keys when I'm able but it's not always feasible. I just bought a Titan key combo and you can't use most 3rd party email clients with it so that made it kind of useless to me (since Gmail's mail app isn't that great)
[+] [-] Nextgrid|6 years ago|reply
[+] [-] benguild|6 years ago|reply
[+] [-] nvr219|6 years ago|reply
[+] [-] gingerbenage357|6 years ago|reply
[+] [-] kbar13|6 years ago|reply
[+] [-] somehnguy|6 years ago|reply
[deleted]
[+] [-] mschuster91|6 years ago|reply
What? Whose lives? Those of the executives who got a couple thousand dollars less on their multi million boni packages?
Don't get me wrong, bribing people to install malware is reprehensible, but that argument is just... unbelievably braindead.
[+] [-] walshemj|6 years ago|reply
I would AT&T would have wanted to make an example some of them.
In the UK getting busted by the Plod / MET or the Security Service would have been preferable to the internal security.
[+] [-] greenyoda|6 years ago|reply