T-Mobile

Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile’s internal systems.

Between August 2014 and June 2019, the 44-year-old man behind the scheme, who was also ordered to pay $28,473,535 in restitution, “cleaned” hundreds of thousands of cellphones for his “customers.”

Khudaverdyan’s contract as the owner of the Top Tier Solutions T-Mobile retail store in California was terminated by the wireless carrier in June 2017 due to his suspicious computer behavior and association with unauthorized unlocking of cellphones.

“From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile’s network, as well as the networks of Sprint, AT&T, and other carriers,” the Department of Justice said in a press release.

“Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans.”

With co-defendant Alen Gharehbagloo, his former business partner and the co-owner of the mobile store, Khudaverdyan gained access to T-Mobile’s internal computer systems using credentials stolen in phishing attacks from more than 50 different T-Mobile employees.

The stolen credentials were used to access T-Mobile’s internal computer systems, and, in many cases, for password resets which locked the account owners out of the system.

“Working with others in overseas call centers, Khudaverdyan also received T-Mobile employee credentials which he then used to access T-Mobile systems to target higher-level employees by harvesting those employees’ personal identifying information and calling the T-Mobile IT Help Desk to reset the employees’ company passwords, giving him unauthorized access to the T-Mobile systems which allowed him to unlock and unblock cellphones,” US DOJ said in an August press release when Khudaverdyan pleaded guilty.

Throughout the scheme, they advertised “direct premium unlocking services for all phone carriers” to potential customers through various means, including emails and dedicated websites like unlocks247.com, swiftunlocked.com, unlockitall.com, tryunlock.com, and unlockedlocked.com.

unlockedlocked.com website screenshot
unlockedlocked.com website promoting illegal unlocking services (BleepingComputer)

​Using the stolen credentials and the IMEI numbers sent by customers through the websites they controlled, the two men unlocked hundreds of thousands of Android and iOS devices using T-Mobile’s dedicated Mobile Device Unlock (MDU) and MCare Unlock (MCare) tools.

While the MDU tool could only be used by authorized T-Mobile employees, MCare didn’t require authentication as it was based on IP address blocks assigned to T-Mobile/Metro locations.

On at least one occasion, on March 29, 2017, the defendant used his own T-Mobile credential (akhudav1) to log into a T-Mobile Wi-Fi access point from Texas and access the unlockitall.com website, directly linking himself to the illegal cellphone unlock scheme.

“Whether the iPhone is clean, financed, blocked or leased, we can perform convenient, factory-grade unlocks on all iPhone and iPad devices that have been iCloud locked without voiding your phone’s warranty,” Khudaverdyan told one potential customer in an email advertising his services, according to the superseding indictment.

“We’ve been unlocking cell phones for years, and our specialty is in providing competitive, iCloud unlocking services and Clean/Financed T-Mobile iPhone services.

“Unlike other companies that use’ hacking unlock’ with the possibility of your iPhone being re-locked in the future, our T-mobile unlock is Official and directly through Apple and T-mobile.”

Alen Gharehbagloo, his former business partner and the co-owner of the mobile store, also pleaded guilty on July 5 to conspiracy to commit wire fraud, accessing a protected computer with intent to defraud, and conspiracy to commit money laundering.

Gharehbagloo’s sentencing hearing is scheduled to take place in two months, on February 23, 2023.

Source: www.bleepingcomputer.com