
AT&T employees were bribed to install phone unlocking malware on company network - starpilot
https://www.geekwire.com/2019/seattle-area-att-employees-bribed-install-phone-unlocking-malware-company-network-authorities-say/
======
deogeo
1.) How is unlocking a phone "malware"? Isn't the lock malware, and the
unlocking serves the owner of the device? Calling it malware reeks of
regurgitating AT&T propaganda.

2.) How did this "deprive AT&T of the stream of payments it was owed under
the customers’ service contracts and installment plans."? A phone getting
unlocked doesn't void a contract, so those customers are still on the hook.

~~~
DaniloDias
Many of these devices are unlocked in bulk and sold overseas. This deprives
them of the payments that they expected for fronting the cost of the device.

~~~
nathankunicki
I still don't understand how. Regardless of who ends up using the phone,
surely the original purchaser/signer is still on the hook for the monthly
payments?

ie. If I buy a contract iPhone from AT&T then unlock and sell on the phone,
that doesn't nullify the fact that I still owe AT&T $100 a month for 24
months, regardless of where the phone is?

~~~
kevinsundar
Yes the original purchaser is still on the hook for the payments. However in
America today there are absolutely tons of people who are on the hook for
payments that they simply do not make. In the tech world people are generally
financially well off that they don't realize this. There are people that will
just shrug at the fact they owe money to a company.

At least if the phone is locked the carrier can just cut off service as an
attempt to hopefully get payment as the phone is rendered useless without
payment. However with unlocked phones there's no way for them to get the money
they are owed. It's insanely expensive for them to go after each and every
subscriber legally that doesn't pay.

Remember, they are loaning these devices to subscribers who cannot pay the
entire cost upfront with the hope they will pay them back over the course of
the contract. Unlocking the phone gets rid of the one collateral they have.
That's the reason your account must be in good standing to unlock early with
every major carrier and why some do credit checks.

------
spectrum1234
ATT support is awful.

I recently had to contact support and through chat support the person said
they were adding notes to my account. Of course when I call support another
day they have no record of this. They then proceed to forward my call to 2
other departments each of which has no idea why I'm calling. I talked to each
of these people for several minutes.

How can a company possibly function like this?

~~~
belltaco
Same with Comcast, if not worse. For some reason their systems appear to take
forever to load a customer account. One could probably find and pull a
physical file of a user account faster in the pre-computer days out of a huge
room full of wall to wall filing cabinets. I am not sure if it's ineptness or
they pretend to take long to make support calls as frustrating as possible.

~~~
tzs
The trick I've found with Comcast is to go to their offices. The in-person
support people have always been able to deal with whatever I was there for
quickly and satisfactorily.

~~~
munk-a
I don't want to, as a consumer I'd like to get decent customer service in a
manner that isn't directly inconveniencing to either me or, even, the company.
I don't demand that reps show up at my door, but it is seriously annoying how
far Comcast will go out of their way refusing to help you.

~~~
sokoloff
I've had pretty excellent support from Comcast via chat on the 3 occasions
I've needed to use them in the last 5 years or so. It doesn't seem like it's
going to be as fast as a phone call, but it seems like I can easily express
what I want/need and the chat agent seems to respond intelligently and
effectively.

------
kiallmacinnes
> “Now he will be held accountable for the fraud and the lives he has
> derailed.”

Whoa there. What? Yes, he's committed a crime and should be held accountable
for that. But..

Whose lives has he derailed? If I was to accept a bribe to commit a crime,
nobody is derailing my life but me - to say anything else suggests a level of
intelligence bordering on inability to understand and take responsibility for
my actions. Can I use this defence for non bribery related crimes? How about
assassin for hire?

Prosecute him for the crimes he committed and prosecute those who accepted
bribes for their crimes. There's just no reason to exaggerate like this.

Edit: And, to add, I dislike the discount / rental / lock in model the
carriers use, but it does sound like crimes were committed.

~~~
brentm
Federal prosecutors love a good dramatic press conference.

~~~
a3n
The only thing missing is to have invoked some set of government employees as
"brave men and women" or "heroes."

------
chiefalchemist
Looks like they completely buried the lead. That is, US carriers use
proprietary hardware/software devices to establish and maintain a profitable
strangle-hold on the consumer.

No doubt the law was broken. There's no justification for that. However, the
lead is the lead is the lead, and it's buried.

~~~
psychometry
It's "lede"...

~~~
dredmorbius
By usage, not so much.

[https://books.google.com/ngrams/graph?content=bury%20the%20l...](https://books.google.com/ngrams/graph?content=bury%20the%20lede%2C%20bury%20the%20lead&year_start=1800&year_end=2000&corpus=15&smoothing=3&direct_url=t1%3B%2Cbury%20the%20lead%3B%2Cc0)

------
alfalfasprout
Given how poorly AT&T and the like treat customers I can't really feel bad
that they lost out on $5mm of fees on their crappy overpriced contracts.

------
chendragon
Is this how the eBay phone unlocking services work?

Usually they say something about servers and "sending your IMEI to the server"
etc, and sometimes it can take a certain number of hours.

~~~
JRKrause
I bought an ATT locked iPhone SE from Ebay just 2 months ago. The unlocking
process was essentially just going to ATT website and typing in the IMEI and
they unlock it within 15 minutes for free. I assume all the "pay $10 to unlock
your phone" services are just counting on the average person being too lazy to
discover you can just do the legwork yourself.

~~~
withinrafael
The mobile operator provided unlock only works on devices of a certain age.
You can't typically, for example, purchase a new flagship device and unlock it
on day one. The illegitimate methods bypass this restriction.

~~~
therealx
There's a method of unlocking new/any iOS device using the GSX API that Apple
maintains for the remaining list of Authorized Stores. Apple will not approve
anyone new for the list, and they have changed up the requirements to connect
to the API lately from just a username/password (which were often hacked or
bribed), to client side certificates and blessed static IPs (at a time when
even the OS X networking libraries didn't support this), to a new version just
now that I won't give the details but you can find if you do some github
searching.

------
jzunit
His methods were illegal but can we please recognize this guy for being an
ABSOLUTE HERO for unlocking all those phones and giving the people what they
wanted.

~~~
jdblair
A contract was violated when these phones were unlocked. In return for a
locked phone the buyer received a subsidy from AT&T on the cost of the
hardware. I don't want people to violate contracts with me, why should I
recognize someone as a hero just because I don't like the contract?

To be absolutely clear, I don't like locked phones, either, so I always buy
non-carrier-locked devices and it means I pay the full, unsubsidized hardware
price.

[edited to fix a typo]

~~~
jzunit
Contracts are violated all the time - it's called efficient breach. Most of
the time, there are no penalties either. If AT&T overcharges you, and you
don't notice - they just take your money without consequence.

If you can get away with efficient breach of contract, do it. As a former
lawyer who wrote contracts all day, I will give you a virtual high five.

~~~
kevinsundar
Sure it may be legal but is it what's morally good? If someone / your employer
entered into a contract with you to pay you for your legal services for a year
and then efficiently breached the terms would you give them a high five and be
fine with it? In your example, would you give AT&T a high five for efficiently
breaching their contract and taking money from a subscriber?

Also I'm not sure if you're using the right terminology. From Wex, Efficient
breach: A breach of contract in which the breaching party finds it cheaper to
pay damages than to perform under the contract. [1]

You're not paying them when you unlock your phone out of contract so it
wouldn't be efficient breach. It's just breach of contract. Also as you know
it's not really breach of contract or not until a judge says so, so you can't
just call contract violations that happen all the time an efficient breach.

I have a bit of legal education from years ago and I understand that there are
many things that are legally "right" but there are other things to consider
too.

[1] [https://www.law.cornell.edu/wex/efficient_breach](https://www.law.cornell.edu/wex/efficient_breach)

------
olliej
Companies need to assume that their network is compromised.

Ignoring anything else that means they need to adopt E2E encryption for all
user data (except where legally mandated to be insecure, or when the data has
a fundamental need to be accessible - e.g. your bank needs to know how much
money you have). Anything else, including dumbass politicians demanding magic
crypto, makes your user data a valuable and achievable target.

------
_bxg1
Wait... what? The "malware" just unlocked the phones' carrier locks? Was it
the phones' owners who were paying him to unlock them from AT&T? Why is an
illegal scheme even necessary for doing that? I'm quite confused.

~~~
gear54rus
Why is an illegal scheme necessary to create derivative works of Mickey Mouse?
Because this world, while being peaceful, is overrun with hostile actors at
every corner.

~~~
_bxg1
No, I mean, you can literally ask AT&T and they'll unlock your phone. Or if
this was before that was possible, you could still just root it yourself. I
don't see why the network or its employees had to be involved at all.

~~~
throwfDfZ9yPK
NO! Rooting your phone will not result in a carrier unlock. I am not aware of
the specific technical details, but there are mechanisms in place which RMS
would call "Negative in the freedom dimension."

In my case I followed your advice, thinking like a logical human, that rooting
my phone could allow myself to unlock my device (which I paid retail price
from their walled garden market for pre-locked devices, no subsidy and also
following years of service) but I discovered many many months after the fact
that the cellular megacorp can use their OTA update service in some instances
to reverse your assertion of control over your device somehow.

I used a dodgy unlock service in a time of desperation, and would later find
myself locked out from my fully paid device yet again. The handset cost as
much as a crappy but roadworthy car and was paid in full.

These convoluted service lock agreements do nothing at all but ensure paying
customers are beholden to the capricious will of these amoral corporate
entities. The marketing and lobbying makes us think this is a good deal.

EDIT: I used an open source rooting method, and later used a dodgy unlock
service which I believe this person may have been involved in reselling.

~~~
_bxg1
Rooting alone doesn't accomplish anything, but once rooted you can do anything
to your phone, including carrier-unlocking, blocking updates, or rewriting the
whole operating system. The only thing a carrier could still do in theory is
blacklist your device from connecting to their network, which I've never heard
of anyone doing.

~~~
throwfDfZ9yPK
This is simply not the case.

The SIM lock methods are a little bit different from handset to handset, but
flashing LineageOS will not unlock your handset. I know there are some
handsets which the SIM Lock may be manipulated via block device, but you often
have to issue dialer commands to the baseband firmware.

------
dmitrygr
Absolutely no pity for at&t, and please tell me where I can contribute to the
defense fund. Phone locking is idiotic and anyone working against that is my
hero.

------
Humdeee
> ... while he induced young workers to choose greed over ethical conduct

Corrected:

> ... while he induced young workers to choose ethical conduct over corporate
> greed

~~~
4ntonius8lock
Agreed.

Did he commit a crime? Yes.

Did he commit a crime against criminals? Yes.

ATT is such a horrible, rent seeking parasite on our economy, I'm rooting for
whoever is redistributing that wealth. I'm not too fond of the guy, but the
enemies of my enemies can be friends.

------
pinewurst
I think it's very important to note the long-term crappy treatment of AT&T
employees by management - most recently illustrated by the wholesale transfer
of thousands of senior IT people to IBM (an even worse employer, doubtlessly
for off-the-AT&T books elimination).

A good employer, and most are better than AT&T, has a certain level of loyalty
as a defense. This bribe thing doesn't surprise me one tiny bit.

------
trhway
> The indictment doesn’t get into how Fahd was caught. He was arrested in Hong
> Kong in February 2018 at the request of U.S. authorities. Fahd was extradited
> from Hong Kong to the U.S. last week to face 14 different charges in federal
> court

Interesting that extradition to US is OK while to mainland China - isn't.
Speaks volumes about whom HK people trust more, and it doesn't look very
promising wrt. peaceful and harmonious full integration of HK.

Wrt. the original post - impressive that AT&T couldn't notice what was
happening at that scale for that long. Somebody needs to sell them one more
audit software package.

------
55555
> The indictment doesn’t get into how Fahd was caught. He was arrested in Hong
> Kong in February 2018 at the request of U.S. authorities. Fahd was
> extradited from Hong Kong to the U.S. last week to face 14 different charges
> in federal court in Seattle, including wire fraud, violating the Travel Act
> and intentional damage to a protected computer.

How was Edward Snowden allowed to chill in Hong Kong? Was it because the
indictment/extradition request was political and they don't honor those on our
behalf? I thought HK just ignored US arrest warrants.

~~~
lawnchair_larry
He wasn’t. That’s why he had to leave abruptly, and why he was stranded at his
layover in Russia.

------
sundayedition
I wonder what the footprint is do the SIM hijacking, e.g. is anyone a
sufficiently high enough bribe away from the type of scheme that compromises
their account because it only takes 1 employee to effect it.

I've been switching to hardware keys when I'm able but it's not always
feasible. I just bought a Titan key combo and you can't use most 3rd party
email clients with it so that made it kind of useless to me (since Gmail's
mail app isn't that great)

~~~
Nextgrid
Fraudulent SIM swaps are already being done and it's a lot less sophisticated
than this - just show up to a store with a fake ID (or bribe the low-wage
employee who isn't paid enough to give a shit so I can't really blame them).

~~~
shiftpgdn
Your SMS based 2FA is only as secure as the lowest paid employee at a cell
phone store.

~~~
Nextgrid
Lowest paid employee at the store? How about lowest paid idiot at the
outsourced customer "service" centre.

------
benguild
I was always wondering who was on payroll at AT&T for this.

------
nvr219
This guy deserves a medal

------
gingerbenage357
This is one of the problems with the cloud as well. You assume your website is
well and safe but a Digital Ocean (or whatever) employee could always hack it.

~~~
kbar13
this is one of the problems with datacenters as well. you assume your router
is well and safe but the NSA (or whatever) employee could always intercept it
in transit and hack it.

~~~
rolltiide
this is the problem with offshore hosts as well. you assume the lack of an
information sharing treaty and plain text writing of a law ensures the privacy
of your data, but the government can just arbitrarily hand it over to the
first FBI agent that asks

~~~
balabaster
this is the problem with hosting it at home on your own server with your own
hardware. Your kids will hack it when you're not looking and install a Roblox
server and let every idiot into your server to do whatever they want with it.
Also, kids are stupidly easy to bribe.

------
mschuster91
> Now he will be held accountable for the fraud and the lives he has derailed

What? Whose lives? Those of the executives who got a couple thousand dollars
less on their multi million bonus packages?

Don't get me wrong, bribing people to install malware is reprehensible, but
that argument is just... unbelievably braindead.

------
walshemj
How do you avoid charges that serious by "leaving" the company? Sounds like
AT&T security is a bit wishy washy.

I would think AT&T would have wanted to make an example of some of them.

In the UK getting busted by the Plod / MET or the Security Service would have
been preferable to the internal security.

~~~
greenyoda
It's possible that some executive wanted to cover it up to avoid the
embarrassment of having this happen on their watch. If they press charges, the
matter becomes public (both inside and outside the company). If they let the
perpetrators walk, nobody finds out (or so they might have thought).

------
noodlesUK
When a phone is “locked”, what does that entail? Is there a list of IMEIs
somewhere that carriers check against when phones connect to their network, or
is it something on the handset itself? If it’s software on the phone, surely
it’s possible to hack it on the phone itself?

~~~
Scoundreller
Handset itself. Though blacklists can exist too (depends on country and
product).

For some older phones, you could download a keygen because the algo has been
cracked.

But, for Apple, I understand all unlocks go through Apple HQ via the provider.
Hence the need to malware the provider.

My guess is that the tech for locking is pretty good. It’s probably a
prerequisite for these providers to sell your device.

Possibly with some penalty if the manufacturer can’t keep its lock robust.

~~~
noodlesUK
Wouldn’t it be a nice value-add if manufacturers provided an unlock after say
a year or two after initial purchase? My experience with carriers is that even
if you’re eligible for an unlock they’re a nightmare to get.

------
throwfDfZ9yPK
Throwaway here. This bit me in the ass. (I think)

Quite a while ago I was on an AT&T family plan with my aforementioned family.
An unexpected death in my family caused a falling out/estrangement situation
which jeopardized our cellular service, along the lines of an intestate
inheritance, forfeited property, decades of fraud/extortion...and my
borderline personality mother becoming enraged at the fact that we would now
be reassessing my family's troubled history in the wake of this tragedy. The
result of these events was that my (quite old) AT&T smartphone service was
unexpectedly cancelled, leaving me out in the cold. I needed service fast, and
got a sim card ASAP but I did not reckon that my (fully paid for) cellular
device would be carrier locked.

This is my mistake of course, but the result is that I was, late at night,
caught out with no functional device to use with my sim card, and a brand new
MVNO service agreement. I took to the internet in order to find a solution,
and ended up using my privacy.com account to pay for a rather sketchy Samsung
unlock service, which worked like a charm.

Eager to forget this entire affair, I moved on with my life.

One day about a month or two ago, my Samsung handset began demanding a carrier
unlock code. Confused, and in need of service, I shelled out for the nearest
used smartphone thing I could find.

This was rather alarming as I was cut off, yet again, and until this day I had
no idea how my handset had relocked itself! My MVNO CSR couldn't help, bless
his/her soul, insisting I would need to contact the carrier for the unlock
code. Instead, I hit that thing with a hammer and called it a night.

After I used the dodgy unlock software which I paid a 20 for, I had monitored
my handset for malicious activity via my personal security gateway but could
never identify anything unusually malicious.

Now I have a backup plan, and carry a spare flip phone.

If your mother has access to lexisnexis, I might consider a restraining order
if your situation sounds familiar.

I concluded that AT&T has rescinded these unlock codes, leaving untold numbers
of legitimate users without a way to conduct business.

Carrier locked devices should be outlawed. AT&T appears to my naive eyes as a
malevolent shitshow, much like Verizon and Comcast and other rent seeking
walled garden extortionists. The history of these telephone companies precedes
them, but gosh I wish that my real life didn't feel like it existed in Eve
Online.

------
digikata
I have a feeling that multiple carriers have a similar problem. I traveled to
another city and noticed that some incoming spam calls shifted to incoming
numbers with the local area code.

------
qwerty456127
Good. Locking phones should be fought and, ideally, outlawed.

------
supercanuck
Malware is defined as software that will cause damage. This doesn't appear to
have caused any damage to the owner's phone.

------
jasoneckert
I blame the movie "Office Space" for influencing the AT&T employee's behavior
(just kidding ;-)

------
roflchoppa2
This dude's my hero.

------
tehjoker
Hero. Free our man!

------
throwaway3627
Seems like a public service IMHO. ;)

------
ixtli
This person did nothing wrong. Laws holding people accountable for helping
people who are being abused by an unaccountable power are themselves abusive
and should be struck down.

