T-Mobile hacker gets 10 years for $25M cellphone scheme

Share post:

Argishti Khudaverdyan, a 44-year-old Los Angeles former T-Mobile retail store owner, was sentenced to ten years in federal prison for stealing $25 million from wireless carriers between 2014 and 2019 by illegally unlocking and unblocking phones by hacking into T-Mobile’s internal systems.

The scheme involved stealing T-Mobile employee credentials and illegally accessing the company’s internal computer systems to illicitly “unlock” and “unblock” cellphones, according to the US Department of Justice (DOJ).

According to authorities, unlocking phones allowed them to be switched to another carrier or sold on the black market. This was what Khudaverdyan did while also removing blocks placed by carriers in the case of lost or stolen phones.

Khudaverdyan used phishing emails and other methods to trick T-Mobile employees into providing their information in order to unlock the phones.

Authorities said he and others stole credentials from more than 50 employees across the country. The stolen credentials were used to gain access to T-internal Mobile’s computer systems and, in many cases, to reset passwords, locking account holders out of the system.

Khudaverdyan unlocked plenty of Android and iOS devices using T-Mobile’s dedicated Mobile Device Unlock (MDU) and MCare Unlock (MCare) tools, using stolen credentials and IMEI numbers sent by customers through websites they controlled.

MCare did not require authentication because it was based on IP address blocks assigned to T-Mobile/Metro locations, whereas the MDU tool could only be used by authorized T-Mobile employees.

According to a statement from the U.S. Attorney’s Office, Khudaverdyan was also ordered to pay nearly $28.5 million in restitution.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways