AT&T sues former employees for scheme to distribute hundreds of thousands of unlock codes for phones

AT&T Mobility (NYSE: T) filed a lawsuit against three former employees who allegedly were paid tens of thousands of dollars to place malware on company computers to illegally help transmit hundreds of thousands of AT&T unlock codes out of the carrier's system.  

The lawsuit, which was filed earlier this month in U.S. District Court in Seattle and first uncovered by GeekWire, alleges that a California-based company called Swift Unlocks concocted the idea and then sold the unlocking services to AT&T customers. The company is also being sued.

"We're seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network," AT&T said in a statement to several news outlets. "It's important to note that this did not involve any improper access of customer information, or any adverse effect on our customers."

Wireless carriers started abiding fully by a code of conduct in February on unlocking phones, which lets customers take phones to other carriers. Carriers must clearly explain their policies on unlocking. Once postpaid customers finish their service contracts on postpaid plans, carriers must, upon request, unlock customers' phones within two business days. In terms of prepaid phones, carriers, upon request, must unlock prepaid phones no later than one year after activation. However, unlocking a device does not make it compatible with other carriers' networks, as the device needs the chipsets and radios that can access the spectrum bands used by other carriers. 

According to GeekWire, the lawsuit claims that Swift Unlocks was conspiring with AT&T employees at its customer service center in Bothell, Wash., to secretly get unlock codes for devices that were still under contract, meaning the carrier was not under obligation to unlock the phones.

As GeekWire notes, there are multiple websites that offer unlocking services under the Swift Unlocks moniker, including, which offers to unlock AT&T devices for between $10 and $50.

The lawsuit names Kyra Evans, Nguyen Lam and Marc Sapatin as former customer call center employees and alleges that they knowingly installed malware on company computers to give Prashant Vira, who runs Swift Unlocks, remote access to the machines. Vira, and around 50 other unidentified individuals, allegedly ran a program designed to use the employees' credentials to access the unlock codes, according to GeekWire.

As ZDNet notes, the lawsuit claims the malware exploited "Torch," an AT&T web portal which allowed authenticated users to troubleshoot devices and send unlock requests on behalf of AT&T customers. AT&T said in the lawsuit that a "recent surge" of unlock requests were linked to the former employees and their credentials, and the carrier became suspicious that some kind of program was automatically generating the unlock requests, especially after such occurred "within milliseconds of one another," which normally doesn't happen.

AT&T alleges in the lawsuit that from April to September 2013, the operation resulted in "the unauthorized unlocking of thousands of phones on AT&T's wireless network," which the carrier labeled "fraudulent."

"Through this conduct, the Unlock Scheme caused substantial damage to AT&T's protected computer systems and effectively stole AT&T's subsidy investment in its phones," the complaint said.  

AT&T claims in its lawsuit that the scheme allowed Swift Unlocks to secretly obtain access to "hundreds of thousands" of unlock codes before AT&T discovered the malware around October 2013. No one accused in the suit still works for AT&T, but is still active. The company does offer unlock services for some T-Mobile US (NYSE:TMUS) and Verizon Wireless (NYSE: VZ) devices.

Swift Unlocks did not immediately respond to a request for comment.

For more:
- see the lawsuit
- see this GeekWire article 
- see this ZDNet article 
- see this CNET article 
- see this The Verge article 

Related articles:
Verizon to activate unlocked, non-Verizon iPhones and Nexus 6 phones
AT&T fined $25M for customer data breaches used to obtain codes to unlock phones
Sprint, T-Mobile not meeting all cell phone unlocking policy commitments, advocate say
Verizon, AT&T, Sprint, T-Mobile and others now fully embrace cell phone unlocking rules
AT&T confirms data breach as hackers hunted for codes to unlock phones