A former T-Mobile store owner has been found guilty of unlocking “hundreds of thousands of cellphones” using stolen credentials. Even more surprisingly, the man, Argishti Khudaverdyan, was able to make millions out of this scheme. 

Earlier today, PCMag reported that Khudaverdyan used various tactics to unlock customers’ cell phones between August 2014 to June 2019. A previously filed indictment revealed that Khudaverdyan earned approximately $25 million from doing so. 

The store owner was found to have used different strategies to gain T-Mobile employee credentials so these phones could be unlocked. Some of his schemes include phishing, social engineering, and also involving T-Mo’s IT department to reset the passwords of higher team members. As a result, he was able to gain access to these phones. The Department of Justice (DoJ) revealed that Khudaverdyan gained access to the credentials of over 50 employees. He was able to use this information to unlock devices blocked by “Sprint, AT&T, and other carriers.”

The indictment also revealed that Khudaverdyan used the carrier’s unlocking tools until 2017. When T-Mobile moved these tools to its internal network, the store owner resorted to using stolen credentials and accessing the network through T-Mo stores’ Wi-Fi. 

T-Mobile flagged down another store that he co-owned for suspicious behavior. His co-owner at that store pleaded guilty to the accusations thrown at him. And since then, Khudaverdyan would market his services through email, various websites, and brokers. He promised customers that these were official T-Mobile unlocks. 

The indictment listed down some of the purchases that were bought from the money obtained via unlocking phones. These transactions include several properties in California, a Land Rover, a $32,000 Audemars Piguet Royal Oak watch, and a Rolex Sky-Dweller. Khudaverdyan is accused of leasing a Ferrari 458 while his co-owner is accused of leasing a Mercedes-Benz S 63 AMG. 

He faces at least two years of prison time for aggravated identity theft as well as up to 165 years for money laundering, wire fraud, and accessing a computer without authorization. His hearing is scheduled for October 17th. 

Source: The Verge