T-Mobile ‘social engineer’ store owner ran $25 million black market operation
The five-year campaign saw the former owner defraud the company after stealing more than 50 employees' login credentials
The former owner of a US T-Mobile store has been found guilty of numerous frauds relating to a lucrative scheme involving the illegal locking and unblocking of mobile phones.
Forty-four-year-old Argishti Khudaverdyan of Burbank, California, was found guilty of numerous counts of fraud and money laundering and faces a maximum sentence of 152 years in prison.
Khudaverdyan owned a retail T-Mobile store in Eagle Rock and generated $25 million (£20.55 million) through a “multi-year scheme” involving him stealing staff login credentials to unlock and unblock phones.
The former owner unlocked customers’ phones from the T-Mobile network - usually a capability only afforded to customers after their contract had been fulfilled, and also did the same with other carriers such as AT&T and Sprint.
The scheme ran between August 2014 and June 2019, allowing customers to sell their devices “on the black market” and deprive the affected carriers of revenue, said the US Department of Justice.
Khudaverdyan’s employment with T-Mobile was terminated in 2017 after the company noticed suspicious activity on its systems from the former store owner.
He continued his illicit business by stealing T-Mobile login credentials belonging to more than 50 employees through a variety of means, including phishing and other social engineering tactics used against the likes of the T-Mobile IT help desk.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Khudaverdyan also worked with others in call centres based outside the US to acquire the credentials which were then used to target “higher-level employees” as part of the illegal unlocking process.
He would reset their passwords by convincing the T-Mobile help desk that he was the employee to which the credentials belonged, and gained the access he needed to continue running his lucrative operation.
The US Department of Justice said over the years Khudaverdyan’s operation ran, he unlocked “hundreds of thousands” of mobile phones and used the proceeds to purchase property in the Burbank and Northridge areas of California, among other things.
Khudaverdyan co-owned the Eagle Rock T-Mobile store with another business associate, Alen Gharehbaglo, who was also implicated in the operation and faces felony charges, although markedly fewer than Khudaverdyan.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.