A man made millions by unlocking T-Mobile phones with stolen passwords

A jury has found Argishti Khudaverdyan, a former T-Mobile store owner, guilty of using stolen credentials to unlock “hundreds of thousands of cell phones” from August 2014 to June 2019 (via PCMag). According to a Justice Department press release and an indictment filed earlier this year, Khudaverdyan made about $25 million from the scheme, which also involved bypassing carrier blocks on lost or stolen cell phones.

He reportedly used a variety of tactics for years to obtain the T-Mobile employee credentials needed to unlock phones, including phishing, social engineering, and even getting the carrier’s IT department to reset the passwords of senior officials. which gave him access. The DOJ says it accessed the credentials of more than 50 employees and used it to unlock phones from “Sprint, AT&T, and other carriers.”

According to the indictment, Khudaverdyan had access to T-Mobile’s unlocking tools through the open internet until 2017. After the carrier moved them to its internal network, Khudaverdyan allegedly used stolen credentials to access that network over Wi-Fi at T-Mobile. stores.

The DOJ says Khudaverdyan co-owned a T-Mobile store called Top Tier Solutions Inc for a few months in 2017, though the carrier eventually canceled the store’s contract due to suspicious behavior. (The other co-owner, Alen Gharehbagloo, was also charged with fraud and illegal access to computer systems and pleads guilty.) Over the years, the DOJ says Khudaverdyan has marketed its unlocking services through email, brokers, and various websites. , telling customers they were official T-Mobile unlocks.

Khudaverdyan’s indictment details some of the purchases he and Gharehbagloo made with the money they got from unlocking phones; properties in California, a $32,000 Audemars Piguet Royal Oak watch and a Land Rover. Gharehbagloo and Khudaverdyan are accused of leasing a Mercedes-Benz S 63 AMG and a Ferrari 458 respectively. A Rolex Sky-Dweller has also been seized from one of the buildings.

Khudaverdyan isn’t the only person who has run into trouble with the law for unlocking devices or otherwise circumventing manufacturer-imposed limits. Last year, a man named Muhammad Fahd was sentenced to 12 years in prison for unlocking about 2 million AT&T phones, and a man named Gary Bowser was recently sent to prison (and fined $10 million) for his role in a company that makes mods for the Nintendo Switch.

In some ways, crimes like this are sympathetic — it’s hard to feel bad for companies that are missing out on revenue they would have earned by limiting what customers can do with their devices. I’m not going to cry because the DOJ says Khudaverdyan’s unlocks have “allowed T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of the revenue generated by customer service contracts.” and equipment payment plans.”

Of course, the fact that such unlocks are illegal means it’s hard to run an unlock scheme without getting your hands dirty. Swindling T-Mobile employees for their credentials isn’t great, nor is it possible to unlock phones for thieves who want to sell them on the black market. But it would be hard for the likes of Khudaverdyan or Fahd to build lucrative and seedy businesses doing this sort of thing if carriers made it much easier for customers to do it themselves.

Khudaverdyan faces a jail term of at least two years for serious identity theft and up to 165 years for charges related to wire transfer fraud, money laundering and unauthorized access to a computer. A hearing is scheduled for October 17.

Show Love ❤️