Man who made millions unlocking T-Mobile phones using stolen passwords found guilty
A Los Angeles jury has found a former owner of a T-Mobile retail store guilty of using stolen credentials to unlock “hundreds of thousands of cellphones” between 2014 and 2019. Argishti Khudaverdyan, 44, made around $25m from the scheme which involved stealing T-Mobile employee credentials and illegally accessing the company’s internal computer systems to illicitly “unlock” and “unblock” cellphones, the US Department of Justice (DoJ) said in a statement on Monday. In the period between August 2014 and June 2019, he was found to have fraudulently accessed over 50 employees’ credentials, using them to unlock phones from “Sprint, AT&T and other carriers”. During this time, cellphone companies like T-Mobile “locked” their customers’ phones so they could be used only on the company’s network until the customers’ phone and service contracts had been fulfilled. Phones had to be “unlocked” to switch to a different carrier, while the carriers also “blocked” cellphones to protect consumers in the case of lost or stolen cellphones. “Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans,” the DoJ said. The 44-year-old acquired employees’ credentials via dishonest means such as sending phishing emails that appeared to be legitimate T-Mobile correspondence and tricking people at the T-Mobile IT Help Desk, according to the indictment. Khudaverdyan also received T‑Mobile employee credentials, working with others in overseas call centers. He then used this information to access T-Mobile systems to target higher-level employees by harvesting their personal identifying information. With this data, he called the T-Mobile IT Help Desk to reset the employees’ company passwords, giving him unauthorised access to T-Mobile systems that allowed him to unlock and unblock cellphones. “All told, Khudaverdyan and others compromised and stole more than 50 different T-Mobile employees’ credentials from employees across the United States, and they unlocked and unblocked hundreds of thousands of cellphones during the years of the scheme,” according to the DoJ. “Khudaverdyan obtained more than $25m for these criminal activities. He used these illegal proceeds to pay for, among other things, real estate in Burbank and Northridge,” the statement noted. The DoJ said he marketed his unlocking services via email, brokers and websites, telling customers that the fraudulent unlocks he provided were “official” T-Mobile unlocks. Khudaverdyan could be looking at least two years in prison for “aggravated identity theft” and up to 165 years for counts related to wire fraud, money laundering and accessing a computer without authorisation. His sentencing is scheduled for 17 October. Read More Mystery hacker says 1 billion people exposed in ‘biggest hack in history’ US disrupts North Korean hackers that targeted hospitals Apple to add 'lockdown' safeguard on iPhones, iPads, Macs Log4j software flaw 'endemic,' new cyber safety panel says Researchers: Chinese-made GPS tracker highly vulnerable Chinese hackers can breach routers and steal passwords, FBI and NSA warns
A Los Angeles jury has found a former owner of a T-Mobile retail store guilty of using stolen credentials to unlock “hundreds of thousands of cellphones” between 2014 and 2019.
Argishti Khudaverdyan, 44, made around $25m from the scheme which involved stealing T-Mobile employee credentials and illegally accessing the company’s internal computer systems to illicitly “unlock” and “unblock” cellphones, the US Department of Justice (DoJ) said in a statement on Monday.
In the period between August 2014 and June 2019, he was found to have fraudulently accessed over 50 employees’ credentials, using them to unlock phones from “Sprint, AT&T and other carriers”.
During this time, cellphone companies like T-Mobile “locked” their customers’ phones so they could be used only on the company’s network until the customers’ phone and service contracts had been fulfilled.
Phones had to be “unlocked” to switch to a different carrier, while the carriers also “blocked” cellphones to protect consumers in the case of lost or stolen cellphones.
“Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans,” the DoJ said.
The 44-year-old acquired employees’ credentials via dishonest means such as sending phishing emails that appeared to be legitimate T-Mobile correspondence and tricking people at the T-Mobile IT Help Desk, according to the indictment.
Khudaverdyan also received T‑Mobile employee credentials, working with others in overseas call centers.
He then used this information to access T-Mobile systems to target higher-level employees by harvesting their personal identifying information.
With this data, he called the T-Mobile IT Help Desk to reset the employees’ company passwords, giving him unauthorised access to T-Mobile systems that allowed him to unlock and unblock cellphones.
“All told, Khudaverdyan and others compromised and stole more than 50 different T-Mobile employees’ credentials from employees across the United States, and they unlocked and unblocked hundreds of thousands of cellphones during the years of the scheme,” according to the DoJ.
“Khudaverdyan obtained more than $25m for these criminal activities. He used these illegal proceeds to pay for, among other things, real estate in Burbank and Northridge,” the statement noted.
The DoJ said he marketed his unlocking services via email, brokers and websites, telling customers that the fraudulent unlocks he provided were “official” T-Mobile unlocks.
Khudaverdyan could be looking at least two years in prison for “aggravated identity theft” and up to 165 years for counts related to wire fraud, money laundering and accessing a computer without authorisation.
His sentencing is scheduled for 17 October.
Read More Mystery hacker says 1 billion people exposed in ‘biggest hack in history’
US disrupts North Korean hackers that targeted hospitals
Apple to add 'lockdown' safeguard on iPhones, iPads, Macs
Log4j software flaw 'endemic,' new cyber safety panel says
Researchers: Chinese-made GPS tracker highly vulnerable
Chinese hackers can breach routers and steal passwords, FBI and NSA warns