Security News > 2022 > August > Mobile store owner hacked T-Mobile employees to unlock phones

A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones.

"From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile's network, as well as the networks of Sprint, AT&T and other carriers," details the announcement of the U.S. Department of Justice.

"Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile's services and thereby deprive T-Mobile of revenue generated from customers' service contracts and equipment installment plans."

To perform the unlocks, Khudaverdyan compromised over 50 T-Mobile employee credentials, many belonging to high-ranking employees with powerful privileges.

"Working with others in overseas call centers, Khudaverdyan also received T‑Mobile employee credentials which he then used to access T-Mobile systems to target higher-level employees by harvesting those employees' personal identifying information and calling the T-Mobile IT Help Desk to reset the employees' company passwords, giving him unauthorized access to the T-Mobile systems which allowed him to unlock and unblock cellphones," explained the DOJ press release.

The man continued the same fraud by partnering with another owner of a T-Mobile store in Los Angeles, Alen Gharehbagloo, who has also pleaded guilty to three felonies and is scheduled to hear his sentence on December 5, 2022.

News URL

https://www.bleepingcomputer.com/news/security/mobile-store-owner-hacked-t-mobile-employees-to-unlock-phones/