AT&T files lawsuit against former employees for installing malware, illegally unlocking phones

The former employees allegedly used malware to illegally unlock countless devices using AT&T's network. [Updated]


[Update 14.55GMT: AT&T statement]

AT&T has filed a lawsuit against former employees who installed malware on the firm's networks as part of a business which unlocked the carrier's devices illegally.

Within the lawsuit, filed last week, the telecommunications giant claims the ex-customer support personnel -- Marc Sapatin, Nguyen Lam, and Kyra Evans -- used malware to fraudulently process "hundreds of thousands" of unlock requests through the AT&T network.

Filed at the Washington Seattle District Court, the lawsuit not only targets the former employees, but also mobile device unlocking service SwiftUnlocks and a number of unnamed developers who allegedly created the malicious software.

AT&T sells locked phones, but customers can call up and request an unlock code in some circumstances. According to the complaint, malware was loaded into the carrier's network which exploited "Torch," a web portal which allowed authenticated users to troubleshoot devices and send unlock requests on behalf of AT&T customers.

A "recent surge" of unlock requests were linked to the former employees and their credentials, raising suspicion that an automated script which sent and processed these requests may have been in operation.

Suspicions were further provoked as unlocked requests occurred "within milliseconds of one another," which is naturally not the normal course of business.

An investigation revealed the existence of malware on the aforementioned former staff members' computers which accepted commands from a remote server to be communicated to Torch, using the former employees' credentials for the authentication step.

AT&T alleges that from April to September 2013, the operation resulted in "the unauthorized unlocking of thousands of phones on AT&T's wireless network," which the carrier labeled "fraudulent."

"Through this conduct, the Unlock Scheme caused substantial damage to AT&T's protected computer systems and effectively stole AT&T's subsidy investment in its phones," the complaint reads.

Evans allegedly received at least $20,000 for installing and upgrading the malware on AT&T's networks from SwiftUnlocks, which charges online customers up to $50 to unlock a phone locked to carriers including AT&T, T-Mobile and LG. Sapatin allegedly raked in over $10,000, while it is not known if Lam was paid by the company.

AT&T claims the scheme has resulted in "significant losses," not only financially but in terms of reputation. The company is accusing the parties of network violations, breach of duty and loyalty, business interference and unjust enrichment, and so has demanded a trial by jury.

An AT&T spokesman told ZDNet:

"We're seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network. It's important to note that this did not involve any improper access of customer information, or any adverse effect on our customers.

ZDNet has reached out to SwiftUnlocks and will update if we hear back.

Read on: Top picks