T-Mobile hacker gets 10 years for $25M cellphone scheme

Share post:

Argishti Khudaverdyan, a 44-year-old Los Angeles former T-Mobile retail store owner, was sentenced to ten years in federal prison for stealing $25 million from wireless carriers between 2014 and 2019 by illegally unlocking and unblocking phones by hacking into T-Mobile’s internal systems.

The scheme involved stealing T-Mobile employee credentials and illegally accessing the company’s internal computer systems to illicitly “unlock” and “unblock” cellphones, according to the US Department of Justice (DOJ).

According to authorities, unlocking phones allowed them to be switched to another carrier or sold on the black market. This was what Khudaverdyan did while also removing blocks placed by carriers in the case of lost or stolen phones.

Khudaverdyan used phishing emails and other methods to trick T-Mobile employees into providing their information in order to unlock the phones.

Authorities said he and others stole credentials from more than 50 employees across the country. The stolen credentials were used to gain access to T-internal Mobile’s computer systems and, in many cases, to reset passwords, locking account holders out of the system.

Khudaverdyan unlocked plenty of Android and iOS devices using T-Mobile’s dedicated Mobile Device Unlock (MDU) and MCare Unlock (MCare) tools, using stolen credentials and IMEI numbers sent by customers through websites they controlled.

MCare did not require authentication because it was based on IP address blocks assigned to T-Mobile/Metro locations, whereas the MDU tool could only be used by authorized T-Mobile employees.

According to a statement from the U.S. Attorney’s Office, Khudaverdyan was also ordered to pay nearly $28.5 million in restitution.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, Week in Review for week ending Friday, June 21, 2024

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday June...

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways