Hello, welcome to the Thursday, August 8th, 2019 edition of the Sansoment Storms and a Stormcast.

My name is Johannes Ulrich.

I'm recording from Denver, Colorado.

Usually if a company employee does install malware on their system, they do so without really knowing what's happening.

They're falling for some email that contains the malicious attachment, or they are installing

software that they think is benign, or maybe even they think they install a new security tool.

Well, AT&T had sort of a different experience. or maybe even they think they install a new security tool.

Well, AT&T had sort of a different experience here in insiders intentionally installing not just malware,

but also installing network equipment to allow criminals access to AT&T's network.

The goal here was actually not customer data. The goal here was unlocked codes for mobile devices.

Usually if you do have a contract with AT&T, you need to wait for that contract to be fulfilled before you can obtain

an unlock code and then move your device to a different carrier. This particular gang did offer

third-party unlock services for customers who could not legitimately unlock their phone with AT&T.

Now initially they just essentially forwarded these requests to insiders who then provided

the unlock codes.

This then evolved into the insiders actually giving these criminals credentials to connect to AT&D's network.

But of course, these unusual access patterns were eventually discovered.

In the end, the insiders did install Malware and some unspecified network device.

Now, it says you have wireless access. I'm not really sure if this is

a Wi-Fi access point or really more like a cell phone modem maybe that bridged the

AT&T internal network to a cell phone connection. So these criminals who apparently were located

in Pakistan were able to connect directly to AT&T's internal network,

...