“Two things about the NSA stunned me right off the bat: how technologically sophisticated it was compared with the CIA, and how much less vigilant it was about security in its every iteration, from the compartmentalization of information to data encryption.” – Edward Snowden.
The United States Department of Justice (“DOJ”) issued a news release regarding Muhammad Fahd (“Fahd”), whom the United States Secret Service investigated, apprehended, and sentenced. On September 16 Fahd was sentenced to 12 years in prison for unlawfully unlocking nearly 2 million phones defrauding AT&T and causing $200 Million in losses. Fahd conspired to recruit AT&T employees at a call center to unlock large numbers of phones for profit, set up fake business accounts and bank accounts, create fake invoices, inject malware, steal credentials, and much more.
AT&T created new controls making it more difficult to unlock the phones via bribed employees. In response, Fahd hired a software developer to construct malware to be injected in AT&T systems without authorization, expedite the unlocking of phones, and in mass quantities. It also allowed Fahd remote access to commit his crimes of unlocking the phones from Pakistan.
Judge Robert S. Lasnik stated that Fahd had committed a “terrible cybercrime over an extended period” even though he was apparently aware that he was being investigated by law enforcement.