[ad_1]

T-Mobile

Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme in which he unlocked and unlocked cellphones by hacking into T’s internal systems. -Mobile.

Between August 2014 and June 2019, the 44-year-old man behind the scheme, who was also ordered to pay $28,473,535 in restitution, ‘cleaned up’ hundreds of thousands of cellphones for his ‘customers’ .

Khudaverdyan’s contract as the owner of the Top Tier Solutions T-Mobile retail store in California was terminated by the mobile operator in June 2017 due to his suspicious computer behavior and his association with the unauthorized unlocking of mobile phones.

“From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unlocked cell phones on T-Mobile’s network, as well as the networks of Sprint, AT&T, and other carriers,” the Justice Department said. said in a press release.

“Removing unlocking allowed phones to be sold on the black market and allowed T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of contract revenue customer service plans and equipment installment plans.”

Along with co-defendant Alen Gharehbagloo, his former business partner and co-owner of the mobile store, Khudaverdyan gained access to T-Mobile’s internal computer systems using credentials stolen in phishing attacks on more than 50 different employees from T-Mobile.

The stolen credentials were used to gain access to internal T-Mobile computer systems and, in many cases, for password resets that locked account owners out of the system.

“Working with others in call centers overseas, Khudaverdyan also received the credentials of T-Mobile employees which he then used to gain access to T-Mobile systems in order to target the higher-level employees by harvesting those employees’ personally identifying information and calling T-Mobile’s IT help desk to reset employees’ company passwords, giving it unauthorized access to systems T-Mobile, which enabled it to unlock and unlock cell phones,” the US DOJ said in an August press release. when Khudaverdyan pleaded guilty.

Throughout the program, they advertised “premium direct unlock services for all carriers” to potential customers through various means, including emails and dedicated websites like unlock247.com, swiftunlocked.com, unlockitall.com, tryunlock.comand unblockedblocked.com.

Screenshot of unlockedlocked.com website
unlockedlocked.com website promoting illegal unlocking services (BleepingComputer)

Using stolen credentials and IMEI numbers submitted by customers through websites they controlled, the pair unlocked hundreds of thousands of Android and iOS devices using dedicated Mobile tools. Device Unlock (MDU) and MCare Unlock (MCare) from T-Mobile.

While the MDU tool could only be used by authorized T-Mobile employees, MCare did not require authentication as it was based on blocks of IP addresses assigned to T-Mobile/Metro locations.

On at least one occasion, on March 29, 2017, the accused used his own T-Mobile credentials (akhudav1) to log into a T-Mobile Wi-Fi hotspot from Texas and access the site. web unlockitall.com, directly connecting to the illegal cell phone unlock pattern.

“Whether the iPhone is clean, financed, locked, or rented, we can perform convenient, factory-quality unlocks on all iPhone and iPad devices that have been locked to iCloud without voiding your phone’s warranty,” Khudaverdyan told a potential customer in an e-mail announcing its services, according to the substitute indictment.

“We’ve been unlocking cell phones for years, and our specialty is providing competitive iCloud unlocking services and own/financed T-Mobile iPhone services.

“Unlike other companies that use ‘hack unlock’ with the possibility of your iPhone being locked again in the future, our T-mobile unlock is official and direct through Apple and T-mobile.”

Alen Gharehbagloo, his former business partner and co-owner of the mobile store, also pleaded guilty on July 5 to conspiracy to commit wire fraud, gaining access to a protected computer with intent to defraud, and conspiracy to launder. money.

Gharehbagloo’s sentencing hearing is due in two months, on February 23, 2023.

[ad_2]

Source link