Argishti Khudaverdyan, a former T-Mobile store owner, was found guilty of running a US$25 million scheme that allowed him to access T-Mobile’s internal systems to unlock mobile phones.

“From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile’s network, as well as the networks of Sprint, AT&T and other carriers. Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans,”the U.S. Department of Justice said.

To carry out the unlocks, Khudaverdyan compromised more than 50 T-Mobile employee IDs, the majority of which belong to senior employees, through phishing emails and social engineering.

These stolen login credentials were used to access T-Mobile’s internal systems, and he also performed password resets that locked account holders out of the system.

Khudaverdyan faces a maximum sentence of 20 years in prison for each wire fraud, 20 years for conspiracy to commit money laundering, 10 years for money laundering, 5 years for unauthorized computer access, 5 years for accessing a computer for fraud and 2 years for aggravated identity theft.

The sources for this piece include an article in BleepingComputer.