Cybercriminals continue to create new ways to earn easy money, and every scheme seems to have its own unique flavor.
Most recently, a former T-Mobile retail store owner was convicted for stealing employee credentials to illegally access internal computer systems and unlock and unblock cellphones.
The U.S. Department of Justice (DOJ) says Argishti Khudaverdyan, 44, was found guilty of 14 federal criminal charges for the scheme he ran from 2014 to 2019 that netted $25 million in criminal proceeds.
The DOJ explains the scheme:
"Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile's network, as well as the networks of Sprint, AT&T and other carriers. Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile's services and thereby deprive T-Mobile of revenue generated from customers' service contracts and equipment installment plans."
Court documents show that Khudaverdyan and another business partner owned a store called Top Tier Solutions Inc., which was a T-Mobile store, in Los Angeles in January 2017. By June of the same year, T-Mobile terminated their contract, citing suspicious computer behavior and association with unauthorized unlocking of cellphones.
Khudaverdyan continued his fraudulent scheme after claiming that the unlocks he was providing were "official" T-Mobile unlocks. How was he unlocking these phones?
The former store owner used various phishing techniques to steal T-Mobile employee credentials. Very often he would socially engineer employees at the IT help desk to get their credentials. He would then target higher ranking employees, using their personal identifying information to reset their company passwords through the help desk. This gave him unauthorized access to the T-Mobile systems, allowing him to unlock and unblock cellphones.
The DOJ says that Khudaverdyan and his associates "compromised and stole more than 50 different T-Mobile employees' credentials from employees across the United States." During that time, they unlocked and unblocked hundreds and thousands of phones.
Khudaverdyan was found guilty of one count of conspiracy to commit wire fraud, three counts of wire fraud, two counts of accessing a computer to defraud and obtain value, one count of intentionally accessing a computer without authorization to obtain information, one count of conspiracy to commit money laundering, five counts of money laundering, and one count of aggravated identity theft.
The statutory maximum prison time he faces for each crime are as follows:
- 20 years in federal prison for each wire fraud count
- 20 years in federal prison for conspiracy to commit money laundering
- 10 years in federal prison for each money laundering count
- five years in federal prison for each count of intentionally accessing a computer without authorization to obtain information
- five years in federal prison for the count of accessing a computer to defraud and obtain value
- mandatory two years in federal prison for aggravated identity theft
His next unlock will be from a cell block.