AT&T sues former employees, alleging massive phone unlocking scheme

18 Sep 2015 | Author: | No comments yet »

AT&T says rogue employees secretly unlocked hundreds of thousands of phones.

AT&T’s customers aren’t the only ones who hated the carrier’s draconian phone unlocking policies. AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones. The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship. The company would sell unlock codes for anything from an iPhone to a Fire Phone, letting AT&T customers wriggle out of their contracts long before the subsidy was paid off. California-based Swift Unlocks, which allegedly orchestrated the scheme and in turn sold the illicit unlocking services to AT&T customers, is also being sued.

Consumers are legally allowed to request that their carrier unlock their phones — once they’ve been paid off in full — so that the phone can then be connected to a competing carrier’s network. They can be electronically removed, usually after fulfilling a contract obligation, but many websites offer the same service for a small fee with no questions asked.

The unlocking of smartphones has been a hotly debated issue as the Federal Communications Commission has introduced new rules over the past few years. But carriers are not obligated to unlock them except in certain circumstances, such as when customers have paid off their contracts or device financing plans. Most carriers, including AT&T, often sell phones at discounted rates because they know they can recoup that money by selling their own wireless services for the devices. District Court for the Western District of Washington in which it accuses two companies, four people and an unknown software developer or developers, of participating in the audacious scheme.

To make sure customers stay long enough to pay back the phone subsidy, carriers install locking software that won’t allow phones to work on other carriers’ networks. AT&T claims Swift Unlocks paid AT&T employee Marc Sapatin $10,500, and Kyra Evans $20,000, to install unlock software in the carrier’s systems while they worked at an AT&T call center in 2013. Once you’ve paid off your wireless contract, the FCC now requires carriers to give customers an unlock code that will allow them to take their device to another wireless provider — if they so choose. The carrier first discovered something was amiss in September 2013 when a surge in the number of unlock requests alerted the company to the possible abuse of “Torch,” the software used to unlock cellphones, it said in the complaint. The carrier, the nation’s second largest, says the defendants created a software program that allowed an external server to issue unlock permissions to AT&T phones.

Upon investigation, the company discovered that the logins and passwords of two employees at a center in Washington were responsible for a large number of the requests and those requests happened within milliseconds of each other. On the computers of Evans and Sapatin, investigators found unauthorized software intended to route unlocking requests from an external source through AT&T’s computer system, it said. Unfortunately for the accused, those requests were still being made under their own employee codes, so the company quickly traced the new requests back to them. “It’s important to note that this did not involve any improper access of customer information, or any adverse effect on our customers,” an AT&T spokesman told The Verge. AT&T says its investigators uncovered numerous iterations of the software, which grew in complexity until it was eventually able to submit the automatic requests.

During the same period, AT&T was hacked by a criminal organization looking to unlock stolen phones before selling them, a breach that also resulted in a $25 million fine from the FCC. On the company’s website, it describes why someone would want to unlock a phone, saying it can make switching SIM cards for international travel easier, allows you to fetch a higher price when reselling your phone and makes it possible to switch carriers to take advantage of promotions. The malware allowed commands to be issued from a remote, unauthorized server and used “valid customer service personnel identification numbers” to process automated unlock requests without proper authorization, AT&T wrote. The carrier names Kyra Evans, Nguyen Lam and Marc Sapatin as former customer call center employees who knowingly installed malware on company computers to give Prashan Vira, who runs Swift Unlocks, remote access to the machines. Vira, and about 50 others who haven’t been identified yet, are then accused of running programs designed to use the employees’ credentials to access the unlock codes.

Sapatin is accused of trying to recruit another AT&T employee to join the scheme, telling the worker all she needed to do was click a link provided by someone else to download the malware. Early versions of the malware “gathered confidential and proprietary information regarding AT&T’s internal applications and computer systems and transmitted that information to John Doe Defendants 1-50 through the remote server,” AT&T said. “The John Doe Defendants used that information to adjust the malware to specifically facilitate the hacking of [AT&T’s customer service] application and then sent revised malware files to Evans for installation.” These John Doe defendants also re-sold fraudulently unlocked phones, AT&T alleged. The alleged scheme is similar to others “in which illegal operators buy or steal large quantities of phones (prepaid or with term contracts), unlock them, and resell them in foreign markets that do not subsidize the devices,” AT&T wrote. The suit alleges that the scheme allowed Swift Unlocks to secretly obtain access to “hundreds of thousands” of unlock codes until AT&T discovered the malware around October 2013. Sapatin allegedly tried to recruit other AT&T employees, telling one “that she would make $2,000 every two weeks through her participation in the Unlock Scheme,” AT&T wrote.

AT&T is seeking financial damages in an amount to be determined at trial, and injunctions preventing the defendants from continuing the alleged activity. UPDATE: After this published, AT&T sent Ars a statement, saying, “We’re seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network.

Here you can write a commentary on the recording "AT&T sues former employees, alleging massive phone unlocking scheme".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site