Skip to content


Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme in which he unlocked and locked cell phones by hacking into T-Mobile’s internal systems.

Between August 2014 and June 2019, the 44-year-old man behind the scheme, who also ordered to pay $28,473,535 in restitution, “cleaned” hundreds of thousands of cellphones for his “customers.”

Khudaverdian’s contract as owner of Top Tier Solutions T-Mobile, a California retailer, was terminated by the wireless carrier in June 2017 over suspicious computer behavior and unauthorized cell phone unlocking.

“From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and blocked mobile phones on the T-Mobile network, as well as the networks of Sprint, AT&T and other operators,” the Ministry of Justice said in a statement.

“Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile services, thereby depriving T-Mobile of revenue from customer service contracts and equipment installment plans.”

Along with co-defendant Alen Gharehbaglou, his former business partner and co-owner of the mobile store, Khudaverdian accessed T-Mobile’s internal computer systems using credentials stolen from more than 50 different T-Mobile employees in phishing attacks.

The stolen credentials were used to access T-Mobile’s internal computer systems and, in many cases, reset passwords, which locked account holders out of the system.

“Working with others in overseas call centers, Khudaverdian also obtained T-Mobile employee credentials, which he then used to access T-Mobile systems to target higher-level employees by collecting those employees’ personally identifiable information and calling T-Mobile IT Help Desk: reset employees’ company passwords, allowing him to gain unauthorized access to T-Mobile systems, which allowed him to unlock and unlock cell phones,” according to an August press release from the U.S. District Court when Khudaverdyan pleaded guilty.

Throughout the scheme, they advertised “direct premium unlocking services for all phone carriers” to potential customers through various means, including emails and dedicated websites such as unlocks247.com, swiftunlocked.com, unlockitall.com, tryunlock.com and unlocked.com.

Screenshot of unlockedlocked.com
unlockedlocked.com, a website that promotes illegal unlocking services (BleepingComputer)

Using stolen credentials and IMEI numbers submitted by customers through websites they controlled, the two men unlocked hundreds of thousands of Android and iOS devices using T-Mobile’s special Mobile Device Unlock (MDU) and MCare Unlock (MCare) tools.

While the MDU tool could only be used by authorized T-Mobile employees, MCare did not require authentication because it was based on blocks of IP addresses assigned to T-Mobile/Metro locations.

On at least one occasion, on March 29, 2017, the defendant used his own T-Mobile credential (akhudav1) to access a T-Mobile Wi-Fi hotspot from Texas and access the unlockitall.com website, linking directly to an illegal cell phone unlocker. scheme.

“Whether the iPhone is clean, financed, locked or leased, we can perform convenient, factory-grade unlocks on all iPhones and iPads locked to iCloud without voiding your phone’s warranty,” said Khudaverdyan in his advertising letter to a potential client. services, according to the superseding indictment.

“We’ve been unlocking cell phones for years and our specialty is providing competitive iCloud unlock services and clean/financed T-Mobile iPhone services.

“Unlike other companies that use ‘hacking unlock’ with the possibility of re-locking your iPhone in the future, our T-mobile unlock is official and directly through Apple and T-mobile.”

Alain Gharehbaglu, his former business partner and co-owner of the mobile store, also pleaded guilty on July 5 to conspiracy to commit wire fraud, fraudulently accessing a protected computer and conspiracy to commit money laundering.

Gharehbaglu’s sentencing is scheduled for two months from now, on February 23, 2023.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *