The Inside Story Of How Pakistan Took Down The FBI’s Most-Wanted Cybercriminal
Just before dawn on Feb. 14, in a quiet residential suburb of Karachi, Pakistan’s chief cybersecurity officer, Mir Mazhar Jabbar, stood silently outside the home of Noor Aziz Uddin — a man the FBI calls one of its “most wanted” cybercriminals. Jabbar knocked. Standing behind Jabbar was a team of local Karachi police officers, waiting to raid Uddin’s home and place him under arrest.
Uddin, inside, knew that investigators were after him. For the last two-and-a-half years, Uddin had been on the run, the subject of an international manhunt. According to the FBI, Uddin was the mastermind behind a global phone fraud. Most recently, he’d been seen in Saudi Arabia, but he also had been known to travel to the United Arab Emirates, Italy, Malaysia, Pakistan and even, of all places, Newark, New Jersey.
But really, he could have been anywhere.
Uddin was a slippery character — a 52-year-old hacker who used multiple aliases, a guy with a massive bank account who seemed to always be one step ahead of the law. In 2012, he was arrested by Interpol but, because of an evidentiary snafu, he walked. The next year, the FBI put a $50,000 bounty on his head for any information that could lead to his arrest.
Then, in early 2015, that tip finally came in. It landed in Pakistan’s Federal Investigation Agency, and was directed to Jabbar, the cybersecurity official. The tip was a cell phone number that apparently belonged to Uddin. Jabbar contacted the wireless service provider. The carrier then gave him access to the phone’s GPS coordinates.
And that’s how Jabbar ended up on Uddin’s doorstep last month.
The irony that Uddin would ultimately be found because of a hacked phone number was not lost on Jabbar. According to the FBI, Uddin is the mastermind behind a massive phone hacking crime ring that netted him and an accomplice, Farhan Arshad, a massive fortune. Over about four years, from 2008 to 2012, they grossed more than $50 million by hacking phones — mostly landlines — all around the world.
Most people are familiar with the idea of credit card hackers. But very few know about phone hackers, or PBX (private branch exchange) hackers, or even “phreakers,” as they’re referred to by insiders. According to experts, the scam is on the rise — and it’s startlingly simple. The FBI says that Uddin, along with Arshad, would hack into the phone lines of U.S. companies, hijack their phone numbers, and begin auto-dialing like crazy. They’d use the numbers to call premium-rate lines, which, typically, charge the customer anywhere from 50 cents to $3 per minute.
But the crux of the scam is this: The hackers actually own those premium-rate lines, so they’re really just paying themselves by dialing with their victim’s phones.