A man from California has been found guilty(Opens in a new window) hacking into T-Mobile systems to unlock cell phones from the carrier, which he turned into a multi-million dollar business.
Argishti Khudaverdyan, 44, originally owned a T-Mobile store in the Eagle Rock area of Los Angeles. According to prosecutors, Khudaverdyan used the unauthorized access to T-Mobile to collect $25 million in illegal revenue from customers looking for ways to unlock their phones.
The plan took aim at how T-Mobile can lock smartphones onto the company’s wireless network, preventing subscribers from switching their devices to another carrier before their contracts expire. Locking a cell phone can also prevent a contract customer from absconding with the hardware and reselling it for a profit.
Khudaverdyan decided to offer a phone unlocking service to customers for a fee. To do this, he sent phishing emails to T-Mobile employees with access to the company’s internal systems designed to trick them into giving up their login credentials.
The operation led to Khudaverdyan unlocking hundreds of thousands of cellphones, including Apple iPhones, during the scheme, which ran from 2014 to 2019, according to federal investigators. The service also “unlocks” phones that have been reported lost or stolen.
Khudaverdyan promoted the unlocking services through brokers, email invitations and websites such as unlocks247.com, swiftunlocked.com and unlockitall.com, according(Opens in a new window) in court documents. In addition, he falsely claimed that the unlocking service officially came from T-Mobile, the Justice Department said.
Khudaverdyan and an associate also used their official T-Mobile connections to gain access to the company’s IT systems. This resulted in the mobile phone company in 2017 terminating its contract with him due to his suspicious computer use and his association with unauthorized cell phone unlocking.
Recommended by our editors
Despite this, Khudaverdyan continued to run his phone unlocking business by creating various ways to phish T-Mobile employees. This includes sending real T-Mobile emails to targets and T-Mobile IT Help Desk social engineering. More than 50 T-Mobile employees in the US had their credentials stolen in the process. But the indictment against him shows that federal investigators were able to track the digital paper he left behind to prove his involvement in the scheme.
Khudaverdyan now faces decades in prison for the various offenses, which include conspiracy to commit telecommunications fraud, money laundering and computer hacking. A sentencing hearing is scheduled for October 17.
Do you like what you read?
Sign up SecurityWatch newsletter of the top privacy and security stories delivered straight to your inbox.