The FBI and Philippine law enforcement officials arrested four people in the Philippines this week who were allegedly paid by terrorists to hack into AT&T’s system, but the company said its system was not breached.
The four, who were arrested Wednesday in Manila, were paid by the same Saudi Arabian-based terrorist group identified by the FBI as funding the 2008 attack on Mumbai, the Philippines’ Criminal Investigation and Detection Group (CIDG) said in a statement. The coordinated attacks in India’s largest city claimed 164 lives and wounded at least 308.
“The hacking activity resulted in almost $2 million in losses incurred by the company,” the CIDG said in a statement.
The suspects hacked the trunk-like PBX (private branch exchange) phone lines of different telecommunications companies, including AT&T, the CIDG said. Money stolen in the hacks was diverted to bank accounts belonging to the terrorists, who paid the Filipino hackers on commission, the group said.
The four allegedly worked for a group originally run by Muhammad Zamir, a Pakistani arrested by the FBI in 2007 who was associated with Jemaah Islamiah, a Southeast Asian militant group with links to Al Qaeda.
“Zamir’s group, later tagged by the FBI to be the financial source of the terrorist attack in Mumbai, India, on November 26, 2008, is also the same group that paid Kwan’s group of hackers in Manila,” Police Senior Superintendent Gilbert Sosa said in the statement.
An AT&T representative told Reuters that it “ended up writing off some fraudulent charges that appeared on customer bills” but did not comment on the $2 million figure.
“AT&T and its network were neither targeted nor breached by the hackers,” AT&T spokeswoman Jan Rasmussen said. “AT&T only assisted law enforcement in the investigation that led to the arrest of a group of hackers.”
The FBI requested the CIDG’s assistance in March after discovering the hacking group had targeted AT&T in the U.S., the CIDG said.
Earlier in the week, AT&T said it thwarted an attempt to steal mobile customer data and that no accounts were breached.