T-Mobile hacker gets 10 years for $25M cellphone scheme

Share post:

Argishti Khudaverdyan, a 44-year-old Los Angeles former T-Mobile retail store owner, was sentenced to ten years in federal prison for stealing $25 million from wireless carriers between 2014 and 2019 by illegally unlocking and unblocking phones by hacking into T-Mobile’s internal systems.

The scheme involved stealing T-Mobile employee credentials and illegally accessing the company’s internal computer systems to illicitly “unlock” and “unblock” cellphones, according to the US Department of Justice (DOJ).

According to authorities, unlocking phones allowed them to be switched to another carrier or sold on the black market. This was what Khudaverdyan did while also removing blocks placed by carriers in the case of lost or stolen phones.

Khudaverdyan used phishing emails and other methods to trick T-Mobile employees into providing their information in order to unlock the phones.

Authorities said he and others stole credentials from more than 50 employees across the country. The stolen credentials were used to gain access to T-internal Mobile’s computer systems and, in many cases, to reset passwords, locking account holders out of the system.

Khudaverdyan unlocked plenty of Android and iOS devices using T-Mobile’s dedicated Mobile Device Unlock (MDU) and MCare Unlock (MCare) tools, using stolen credentials and IMEI numbers sent by customers through websites they controlled.

MCare did not require authentication because it was based on IP address blocks assigned to T-Mobile/Metro locations, whereas the MDU tool could only be used by authorized T-Mobile employees.

According to a statement from the U.S. Attorney’s Office, Khudaverdyan was also ordered to pay nearly $28.5 million in restitution.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways