A man made millions unlocking T-Mobile phones with stolen passwords

A jury found Argishti Khodavirdian, the former owner of the T-Mobile store, guilty of using stolen credentials to unlock “hundreds of thousands of cell phones” from August 2014 to June 2019 (Across PCMag). according to Press release from the Ministry of Justice And in an indictment filed earlier this year, Khodavirdian provided about $25 million in the scheme, which also included bypassing a ban on carriers placed on lost or stolen cell phones.

For years, he reportedly used several tactics to get T-Mobile employee credentials needed to unlock phones, including phishing, social engineering, and even getting the carrier’s IT department to reset passwords for top companies, giving him access. The Justice Department says he gained access to the credentials of more than 50 employees, and used them to unlock phones from “Sprint, AT&T, and other carriers.”

According to the indictment, Khudaverdyan was able to access T-Mobile unlock tools over the open internet until 2017. After the carrier moved them to his internal network, Khudaverdyan allegedly would use the stolen credentials to access that network via T-Mobile’s Wi-Fi. stores.

The Justice Department says Khodavirdian co-owned a T-Mobile store called Top Tier Solutions Inc for a few months in 2017, even though the carrier ended up terminating the store’s contract due to suspicious behavior. (Another partner, Alen Gharehbagloo, has been charged with fraud and illegal access to computer systems and has pleaded guilty.) Over the years, the Department of Justice says Khodavirdian has marketed his unlocking services via email, brokers, and various websites, telling customers they were official openings for T-Mobile.

The indictment issued by Khodavirdian describes some of the purchases he and Garibaglu made with money they received unlocking phones; Real estate in California, $32,000 Audemars piguet royal oak watchand Land Rover. Garhpaglu and Khodavirdian are accused of renting out a Mercedes-Benz S 63 AMG and a Ferrari 458, respectively. A Rolex Sky-Dweller watch was also seized from a property.

Khudaverdyan isn’t the only person who has had trouble with the law on unlocking devices, or getting around manufacturer restrictions. Last year, a man named Muhammad Fahd was sentenced to 12 years in prison Unlock about 2 million AT&T phonesAnd there was a guy named “Gary Bowser” recently sent to prison (And the Imposing a $10 million fine) for his role in a company that sold mods for the Nintendo Switch.

In some ways, these kinds of crimes are sympathetic — it’s hard to feel bad about companies losing the revenue they would have earned by restricting what customers can do with their devices. I won’t cry because the Department of Justice says the Khodavirdian opening “has enabled T-Mobile customers to stop using T-Mobile services and thus deprive T-Mobile of revenue generated from customer service contracts and equipment installment plans.”

Of course, the fact that these unlocks are illegal means that it is difficult to operate the unlocking system without getting your hands dirty. Scamming T-Mobile employees for their credentials isn’t great, nor is it likely to unlock phones to thieves who want to sell them on the black market. But it would be difficult for people like Khudavirdian or Fahd to build a profitable, shady business that does this kind of thing if carriers make it easy for customers to do it themselves.

Khudaverdyan faces at least two years in prison for aggravated identity theft, and up to 165 years on charges related to electronic fraud, money laundering and unauthorized computer access. A sentencing hearing is scheduled for October 17.