For several years, he used a variety of tactics to obtain the credentials of T-Mobile employees needed to unlock phones, including phishing, social engineering, and even forcing the operator’s IT department to reset their superiors’ passwords. The Justice Department claims that more than 50 employees have accessed their credentials and used them to unlock “Sprint, AT&T and other carriers” phones.
According to the indictment, Khudaverdyan had access to T-Mobile unlocking tools until 2017. After the carrier transferred them to its internal network, Khudaverdyan allegedly used the stolen credentials to access that network via Wi-Fi at T-Mobile stores.
MOJ alleges that Khudaverdyan has been selling unlocking services via email, agents, and various websites for years, telling customers that these are official T-Mobile unlocks.
Khudaverdyan faces a prison sentence of at least two years for aggravated identity theft and up to 165 years on charges of electronic fraud, money laundering and unauthorized computer access. A criminal hearing was scheduled for October 17.