Former Owner of T-Mobile Retail Store Accessed

There has been an enormous breach within the internal system of T-Mobile that has caused a lot of damage to the company. T-Mobile’s internal systems were illegally accessed by a former owner of a retail store in order to unblock and unlock cellular phones. 

In addition to profiting $25 million from the hack, the hacker was also able to obtain the credentials of T-Mobile employees illegally.

The 44-year-old hacker, Argishti Khudaverdyan is accused of running a scheme between 2014 and 2019. As part of this scheme, he is accused of unlocking the phones from network operators.

Fraudulent Unlocking Services

The aim of this scheme is to enable these phones to be used with other telecommunication providers so that people could use them with other services.

The scheme was designed to affect mobile providers who have offered the devices at a special price to their customers or even provided them for free.

By locking them in their networks for a certain period of time, they are able to offset the cost. The hacker unlocked the devices that are reported to the company as stolen or lost devices by their rightful owners, and as a result, the company blocked those devices.

This is particularly detrimental when a stolen cellphone is unlocked and used as a tool or a communication medium.

The former T-Mobile store owner, Khudaverdyan, successfully ran this illicit service of unlocking and unblocking the smartphones on the company’s network fraudulently from August 2014 to June 2019. The following carriers’ devices were also unlocked along with T-Mobile:-

  • Sprint
  • AT&T

Using websites such as unlocks247[.]com to promote his unlocking services, Khudaverdyan promotes his unlocking services to potential clients. In addition to spam email, he also used a variety of brokers and other media to reach out to potential clients.

Over 50 T-Mobile employee credentials were compromised by Khudaverdyan in order to perform the unlockings. As a result of social engineering techniques and phishing emails that imitated actual internal correspondence of T-Mobile, the attack was carried out.

Charges

A couple of unauthorized access events were investigated by T-Mobile in 2017. As a result of these investigations, Khudaverdyan was suspected of conducting malicious activities, due to which his contract with the company was terminated.

Here below we have mentioned all the maximum charges that Khudaverdyan could face during his final hearing which was scheduled for October 17:-

  • For each wire fraud, 20 years of imprisonment.
  • For conspiracy to commit money laundering, 20 years of imprisonment.
  • For money laundering, 10 years of imprisonment.
  • For unauthorized computer access, 5 years of imprisonment.
  • For accessing a computer to defraud, 5 years of imprisonment.
  • For aggravated identity theft, 2 years of imprisonment.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.