Posted on December 19, 2022 at 6:45 PM

T-Mobile hacker imprisoned to ten years over $25 million phone unlock scheme

Argishti Khudaverdyan has received a ten-year prison sentence. Khudaverdyan is a previous owner of a T-Mobile retail store, who has been convicted for running a $25 million phone unlock scheme by gaining unauthorized access to the internal systems of T-Mobile.

T-Mobile hacker imprisoned for ten years

Khudaverdyan will be going to prison for ten years after being found guilty in this scheme that happened between August 2014 and June 2019. The 44-year-old must also pay restitution of $28,473,535.

Khudaverdyan is being accused of “cleaning” hundreds of thousands of cell phones for his previous clients at his T-Mobile retail store. The 44-year-old man had a T-Mobile retail store in California that he used to conduct illegal activities. However, T-Mobile terminated its contract with him in June 2017, accusing him of suspicious behavior and involvement in unlocking cell phones without authorization.

The Department of Justice issued a press release saying that between August 2014 and June 2019. Khudaverdyan had unlocked and unblocked multiple cell phones linked to the T-Mobile network. Khudaverdyan also unlocked mobile phones on networks such as AT&T, Sprint, and other mobile carriers.

The DoJ further said that removing this unlock allowed these phones to be sold in the black market while allowing T-Mobile customers to halt using the services offered by the wireless carrier. This caused a significant drop in the company’s revenues.

“Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans,” the DoJ added.

Phone unlocking scheme

Besides Khudaverdyan, the other co-defendant, in this case, is Alen Gharehbagloo, the former business partner and a co-owner of the T-Mobile retail store. Khudaverdyan gained unauthorized access to the internal computer systems of T-Mobile. He gained access by using stolen credentials acquired during other malicious attacks such as phishing campaigns targeting over 50 employees that worked at T-Mobile.

The stolen employee credentials were also used to obtain access to the T-Mobile internal computer systems. In most cases, the details were used to reset employee passwords, where the account owners were locked out of the system.

In August, which was the month when Khudaverdyan pled guilty to infiltrating user devices, the DoJ noted that the defendant also worked with other people based on overseas call centers. He obtained more T-Mobile employee credentials that he later used to infiltrate the T-Mobile systems and target high-level employees by collecting their personal identifying information.

Khudaverdyan later called the T-Mobile IT Help Desk to change the company passwords of T-Mobile employees. This gave him access to T-Mobile systems that he later used to unblock cell phones.

When running this scheme, Khudaverdyan and his business partner advertised themselves as people providing premium unlocking services for all phone carriers to potential customers using various methods such as emails and dedicated websites.

After accessing the stolen employee credentials and the IMEI numbers sent by customers using websites they owned, the two helped to unlock thousands of devices via the T-Mobile dedicated Mobile Device Unlock and the MCare Unlock tools.

The MDU tool is exclusive to authorized employees at T-Mobile. However, MCare did not need any authentication as it used the IP address blocks used on T-Mobile and Metro locations.

On one occasion, Khudaverdyan used his personal T-Mobile credential to access a T-Mobile Wi-Fi access point while in Texas and gain entry to the unlockitall.com website. This action linked him with the phone unlocking scheme.

In one of his advertising messages, Khudaverdyan had told a client that his company would “perform convenient, factory-grade unlocks on all iPhone and iPad devices that have been iCloud locked without voiding your phone’s warranty.” The company promoted itself as having unlocked cell phones for many years.

Moreover, Khudaverdyan said that, unlike other phone unlocking companies, his unlock services guaranteed that the iPhone would not be locked again in the future. He further said that the company’s T-Mobile unlock services were official and offered directly through Apple and T-Mobile.

The store’s co-owner, Gharehbagloo, has also pled guilty to conspiracy to commit wire fraud and for accessing a protected computer device with plans to commit fraud and money laundering. His hearing is scheduled to take place within two months.