A man made millions unlocking T-Mobile phones with stolen passwords

Photo by Amelia Holowaty Krales / The Verge

The former owner of a T-Mobile store has been found guilty of using stolen credentials to unlocked hundreds of thousands of cellphones. According to a press release from the Department of Justice and an indictment filed earlier this year, Khudaverdyan made around $25 million from the scheme.

He used a number of tactics to get T-Mobile employee credentials, including phish, social engineering, and even getting the carrier's IT department to reset higher-ups' passwords. The DOJ says he unlocked phones from AT&T and other carriers.

According to the indictment, Khudaverdyan was able to access T-Mobile'sunlocking tools over the open internet. After the carrier moved them onto its internal network, Khudaverdyan is said to have used stolen credentials to access it.

T-Mobile terminated the store's contract because of suspicious behavior, according to the DOJ. Alen Gharehbagloo, one of the co-owners, was accused of fraud and illegal access to computer systems. The DOJ says that he marketed his services via email, broker, and various websites, telling customers that they were T-Mobile unlocks.

A Land Rover, a $32,000 Audemars Piguet Royal Oak watch, and properties in California were some of the purchases made by the two men. The Mercedes-Benz S 63 AMG and theFerrari 458 were leased by the two men. One of the properties had a Sky-Dweller taken from it.

There are other people who have gotten in trouble with the law for circumventing manufacturer limits. Last year, a man named Muhammad Fahd was sentenced to 12 years in prison forunlocking around 2 million AT&T phones, and a man named Gary Bowser was sent to prison for his role in a company that sold mod for the Nintendo.

It's hard to feel bad for companies that lose out on revenue because they restrict what customers can do with their devices in these crimes. I am not going to cry because the DOJ says that the unlocks allowed T-Mobile customers to stop using the service and deprive T-Mobile of revenue.

It's difficult to run an unlocked scheme without getting your hands dirty because it's illegal. It isn't a good idea to defraud T-Mobile employees for their credentials, and it isn't a good idea to unlock phones for criminals who want to sell them on the black market. If carriers made it easier for customers to do it themselves, it would be harder for people like Khudaverdyan or Fahd to build businesses like this.

There are at least two years in prison for identity theft, and up to 165 years for wire fraud, money laundering, and access to a computer without authorization. There will be a sentencing hearing in October.