Unlocking T-Mobile phones using stolen credentials netted $25M

A former cellphone store owner made an estimated $25M by unlocking T-Mobile phones using stolen credentials. He now faces a possible prison sentence of up to 165 years…

The Department of Justice said that Argishti Khudaverdyan operated the scheme for almost five years before being caught.

A former owner of a T-Mobile retail store in Eagle Rock has been found guilty by a jury of 14 federal criminal charges for his $25 million scheme to enrich himself by stealing T-Mobile employee credentials and illegally accessing the company’s internal computer systems to illicitly “unlock” and “unblock” cellphones, the Justice Department announced today.

Argishti Khudaverdyan, 44, of Burbank, was found guilty of one count of conspiracy to commit wire fraud, three counts of wire fraud, two counts of accessing a computer to defraud and obtain value, one count of intentionally accessing a computer without authorization to obtain information, one count of conspiracy to commit money laundering, five counts of money laundering, and one count of aggravated identity theft.

The fraud began when Khudaverdyan owned a T-Mobile store, and used his credentials to offer an unlocking service in contravention of company policies. Later, he used phishing and social engineering techniques to obtain new credentials.

From January 2017 through June 2017, Khudaverdyan and a former business partner were also co-owners of Top Tier Solutions Inc., a T-Mobile store in Eagle Rock Plaza. However, after T-Mobile terminated Khudaverdyan’s contract in June 2017 based on his suspicious computer behavior and association with unauthorized unlocking of cellphones, Khudaverdyan continued his fraud.

To gain unauthorized access to T-Mobile’s protected internal computers, Khudaverdyan obtained T-Mobile employees’ credentials through various dishonest means, including sending phishing emails that appeared to be legitimate T-Mobile correspondence, and socially engineering the T-Mobile IT Help Desk. Khudaverdyan used the fraudulent emails to trick T-Mobile employees to log in with their employee credentials so he could harvest the employees’ information and fraudulently unlock the phones.

Working with others in overseas call centers, Khudaverdyan also received T‑Mobile employee credentials which he then used to access T-Mobile systems to target higher-level employees by harvesting those employees’ personal identifying information and calling the T-Mobile IT Help Desk to reset the employees’ company passwords, giving him unauthorized access to the T-Mobile systems which allowed him to unlock and unblock cellphones.

All told, Khudaverdyan and others compromised and stole more than 50 different T-Mobile employees’ credentials from employees across the United States, and they unlocked and unblocked hundreds of thousands of cellphones during the years of the scheme.

While the unlocking of phones on carrier contracts may be seen as relatively innocuous, unblocking lost and stolen phones plays an important role in encouraging future thefts. The crime was uncovered by a multi-agency investigation.

The United States Secret Service Cyber ​​Fraud Task Force (CFTF) in Los Angeles and IRS Criminal Investigation’s Western Area Cyber ​​Crime Unit investigated this matter.

The DoJ listed the potential prison terms for each offence, and The Verge notes that they add up to a maximum of 165 years.

Khudaverdyan is facing at least two years in prison for aggravated identity theft, and up to 165 years for the counts related to wire fraud, money laundering, and accessing a computer without authorization. A sentencing hearing is scheduled for October 17th.

Photo: Alexander Andrews/Unsplash

FTC: We use income earning auto affiliate links. Amuse.


Check out 9to5Mac on YouTube for more Apple news:

Leave a Comment

Your email address will not be published.