Security News > 2022 > December > T-Mobile hacker gets 10 years for $25 million phone unlock scheme
Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems.
"Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile's services and thereby deprive T-Mobile of revenue generated from customers' service contracts and equipment installment plans."
With co-defendant Alen Gharehbagloo, his former business partner and the co-owner of the mobile store, Khudaverdyan gained access to T-Mobile's internal computer systems using credentials stolen in phishing attacks from more than 50 different T-Mobile employees.
"Working with others in overseas call centers, Khudaverdyan also received T-Mobile employee credentials which he then used to access T-Mobile systems to target higher-level employees by harvesting those employees' personal identifying information and calling the T-Mobile IT Help Desk to reset the employees' company passwords, giving him unauthorized access to the T-Mobile systems which allowed him to unlock and unblock cellphones," US DOJ said in an August press release when Khudaverdyan pleaded guilty.
Using the stolen credentials and the IMEI numbers sent by customers through the websites they controlled, the two men unlocked hundreds of thousands of Android and iOS devices using T-Mobile's dedicated Mobile Device Unlock and MCare Unlock tools.
On at least one occasion, on March 29, 2017, the defendant used his own T-Mobile credential to log into a T-Mobile Wi-Fi access point from Texas and access the unlockitall.com website, directly linking himself to the illegal cellphone unlock scheme.
News URL
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- T-Mobile pays $31.5 million FCC settlement over 4 data breaches (source)
- T-Mobile US fined $31.5M for network security breaches between 2021 and 2023 (source)
- T-Mobile confirms it was hacked in recent wave of telecom breaches (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments (source)