Scammer Made $25mn by Unlocking Phones Using Stolen T‑Mobile Credentials

Last week the former owner of a T‑Mobile store in California was found guilty of stealing login credentials from over 50 T‑Mobile employees and using them to unlock and unblock handsets across a 5-year period. Argishti Khudaverdyan’s illegal service was advertised as offering ‘official’ T‑Mobile unlocks via brokers, email campaigns and the website. Khudaverdyan generated USD25mn in revenue from the unlocking and unblocking of several hundred thousand mobile phones.

Khudaverdyan succeeded in gaining unauthorized access to T‑Mobile’s systems by sending phishing emails to T‑Mobile employees that looked like bona fide correspondence, encouraging the unwary to submit their details so Khudaverdyan could harvest the information. He also worked with accomplices in overseas call centers to obtain personal data about T‑Mobile employees as part of a process of systematically working his way through the company hierarchy until he found targets that had access to the relevant corporate systems. Khudaverdyan would then exploit the personal data he had gathered by calling the T‑Mobile IT Help Desk and manipulating them into resetting passwords.

For 6 months Khudaverdyan was also one of the owners of Top Tier Solutions Inc, a T‑Mobile store in Eagle Rock, a neighborhood in the Los Angeles metropolitan area. However, it appears that he treated this business venture as subordinate to his illegal enterprise, which had begun over two years earlier. T‑Mobile terminated Khudaverdyan’s contract in June 2017 because of the suspicious way he used computer systems. Earlier this year Top Tier Solutions co-owner Alen Gharehbagloo pled guilty to associated charges of fraud, money laundering and accessing computers with the intent to defraud. Khudaverdyan’s sentencing hearing will take place in October, where he will receive at least a two-year prison sentence for aggravated identity theft and could potentially receive sentences of up to 20 years for each count of fraud and money laundering.

I have written before about telcos needing to do more to mitigate the risk that employees will fall victim to phishing and social engineering. Whilst it is sensible to warn customers about the dangers of scams, there often appears to be a subconscious desire to solely associate scammers and hackers with widespread attacks on customers despite the greatest threat coming from highly targeted attacks on insiders who have privileged access to systems and data. Some of the people I see giving advice to telcos about crime prevention are ignorant of basic requirements for security hygiene, as evident from the way they conduct their own business and their inability to adapt when challenged about those weaknesses. Too often I see telco employees receiving advice about security that is on a par with that given to customers when it should be much more stringent.

The prosecutors’ press release about Khudaverdyan and his conviction can be found here.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.