A California man has been found guilty(Opens in a new window) of hacking into T-Mobile systems to unlock cell phones from the mobile carrier, which he turned into a multi-million-dollar business.
Argishti Khudaverdyan, 44, originally owned a T-Mobile store in the Eagle Rock area of Los Angeles. According to prosecutors, Khudaverdyan used the unauthorized T-Mobile access to rake in $25 million in illegal proceeds from customers looking for ways to unlock their phones.
The scheme targeted how T-Mobile can lock smartphones to the company’s wireless network, preventing subscribers from switching their devices to another provider before their contracts are up. The cell phone locking can also stop a customer on contract from absconding with the hardware and reselling it for a profit.
Khudaverdyan decided to offer a phone-unlocking service to customers for a fee. To do so, he sent phishing emails to T-Mobile employees with access to the company’s internal systems that were designed to trick them into giving up their login credentials.
The business led Khudaverdyan to unlock hundreds of thousands of cell phones, including Apple iPhones, during the scheme, which lasted from 2014 until 2019, according to federal investigators. The service also “unblocked” phones that had been reported lost or stolen.
Khudaverdyan promoted his unlocking services through brokers, email solicitations, and websites such as unlocks247.com, swiftunlocked.com, and unlockitall.com, according(Opens in a new window) to court documents. In addition, he falsely claimed the unlocking service officially came from T-Mobile, the Justice Department said.
Khudaverdyan and an associate also used their official T-Mobile logins to access the company’s IT systems. This caused the carrier in 2017 to terminate its contract with him due to the suspicious computer use and his association with unauthorized cell-phone unlocking.
Recommended by Our Editors
Nevertheless, Khudaverdyan continued to run his phone-unlocking business by creating various ways to phish T-Mobile employees. This including sending real-looking T-Mobile emails to targets and socially engineering the T-Mobile IT Help Desk. More than 50 T-Mobile staffers in the US had their logins stolen in the process. But the indictment against him shows federal investigators were able to track the digital paper trail he left behind to prove his involvement in the scheme.
Khudaverdyan now faces decades in prison for the various offenses, which include conspiracy to commit wire fraud, money laundering, and the computer hacking. A sentencing hearing has been scheduled for Oct. 17.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.