Man Hacked T-Mobile Employees to Unlock Cell Phones, Raised $25 Million
A man in California has been found guilty(Opens in a new window) hacking into T-Mobile systems to unlock cellphones from the carrier, which he turned into a multi-million dollar business.
Argishti Khudaverdyan, 44, originally owned a T-Mobile store in the Eagle Rock neighborhood of Los Angeles. According to prosecutors, Khudaverdyan used the unauthorized T-Mobile access to collect $25 million in illegal revenue from customers looking for ways to unlock their phones.
The scheme targeted how T-Mobile can lock smartphones to the company’s wireless network, preventing subscribers from switching their devices to another provider before their contracts are up. The mobile lock can also stop a customer on contract from running away with the hardware and reselling it at a profit.
Khudaverdian decided to offer a phone unlocking service to customers for a fee. To do so, he sent phishing emails to T-Mobile employees with access to the company’s internal systems designed to trick them into giving up their login credentials.
The business led to Khudaverdyan unlocking hundreds of thousands of cell phones, including Apple iPhones, during the scheme, which lasted from 2014 to 2019, according to federal investigators. The service also “removed” phones that had been reported lost or stolen.
Khudaverdyan promoted his unlocking services through brokers, email solicitations and websites such as unlocks247.com, swiftunlocked.com and unlockitall.com, according to(Opens in a new window) to legal documents. In addition, he falsely claimed that the unlocking service officially came from T-Mobile, the Justice Department said.
Khudaverdyan and an associate also used their official T-Mobile logins to access the company’s IT systems. This led the operator to terminate the contract with him in 2017 due to suspicious computer use and his association with unauthorized cell phone unlocking.
Recommended by our editors
Nevertheless, Khudaverdyan continued to operate his phone unlocking business by creating various ways to phish T-Mobile employees. This includes sending real T-Mobile emails to targets and social development by the T-Mobile IT Help Desk. More than 50 T-Mobile employees in the US had their login credentials stolen in the process. But the indictment against him shows that federal investigators were able to trace the digital paper trail he left to prove his involvement in the scheme.
Khudaverdyan now faces decades in prison for the various offences, which include conspiracy to commit wire fraud, money laundering and computer hacking. A sentencing is scheduled for October 17.
Do you like what you read?
Sign up SecurityWatch newsletter for our best privacy and security stories delivered straight to your inbox.