Reading the headline, I thought what a harsh sentence for jailbreaking a few phones. Turns out we have to come up with a new word for what has been going on here.
This isn’t about DFU mode, exploiting bugs, or clever SIM hacks. These people broke into the telcom systems to actually unlock these devices for good.
«In total, Khudaverdyan and others compromised and stole more than 50 different T-Mobile employees’ credentials from employees across the United States, and they unlocked and unblocked hundreds of thousands of cellphones during the years of the scheme. Khudaverdyan obtained more than $25 million for these criminal activities.»
That still seems harsh if T-Mobile rent extraction was the only true harm and there wasn't eg sim-swapping or id theft involved.
(e: I missed the $25M proceeds. Changes my thoughts a little, but still, 10 yrs seems like a lot if T-mobile was the only victim... seems like taking all his money and then some, compensating T-Mobile for actual costs, and giving the rest to the local public school or whatever would be better all-around and we can all shed some crocodile tears for the telcos.)
It is not rent extraction if people choose to accept a subsidized device at T-Mobile’s expense in exchange for T-Mobile knowing that device will have to be used on T-Mobile’s network, and hence resulting in at least a certain amount of revenue.
That is just a contract that one side wants to break. It is extremely easy for anyone who does not want a locked to carrier phone to buy an unlocked phone and use it with any carrier they want.
I didn't say we should legalize what he did. I said the punishment sounds harsh.
T-Mobile already receives an incredible amount of assistance from the state, both direct and indirect. Erasing an eighth of someone's life at the taxpayer's expense on top of all of that seems like a bit much.
And don't worry, I too realize the telcos are people too. I stipulated we would all cry crocodile tears for the telco and pay them back for whatever their actual losses were (which were likely a tiny fraction of his proceeds).
It is harsh but he helped people commit fraud against T Mobile and received 25 million for it, which must be a fraction of what his clients gained, or else they wouldn't pay him.
I am fairly sympathetic to white-collar crime but after he made his first million he could have sat down and thought about the morality of it all. He was already rich so he had the leisure time to contemplate perhaps not breaking the law...
Now, if he decided the law was immoral and it was correct to break it in protest then that is defensible but that's not the case here.
Instead, he continued to break the law but labeled it as “official t mobile unlocks” in order to trick people who had no intention of becoming criminal action into giving him money to do the crime. That to me is beyond the line.
For me, this is akin to selling weed labeled as expensive oregano because you want to expand your market beyond potheads. People deserve to know what they are getting into.
Considering even the US government uses SMS 2FA, which means control of your phone number is tantamount to authorization to do things on your behalf, there should be severe penalties for breaking into the systems of phone network operators.
Not that the SMS 2FA is the appropriate way to be doing things, but it is what it is, and the government is not wanting to take on any liability, and the mobile networks do not want any liability (nor should it be foisted upon them), keeping the punishment high for stuff like this seems like the best we can hope for.
> which were likely a tiny fraction of his proceeds
The losses probably substantially exceed his proceeds because these unlocking services enable all kinds of other fraud. If he charges $50 to unlock a $1000 phone that someone got on credit and will never pay for and that will be exported to China where it can now be freely used thanks to the unlock, then what is T-Mobile's loss amount - $50 or $1000?
There isn't always ID theft involved though, it's often just a small scale "bust out" where a person needs $300 and is willing to ruin their credit to get it.
My little theory is the more likely it is for individuals to copy such a criminal scheme the more the justice system wants to set an example with the punishment.
WRT schemes like this one, maybe so. I don't know. But on the broader point of hard prison sentences being good for deterrence, the US recidivism rate speaks for itself.
A trial costs both sides a lot of time and money. In most cases the defendants really are guilty (they had so much evidence on this guy I'm not sure why he even chose to go trial), the government has a lot of evidence against them and they would receive no benefit from going to trial unless they are being prosecuted under some new theory of liability that they could maybe convince a jury is invalid. Honestly it's surprising the conviction rate is only 95% instead of 99.9%. Federal law enforcement has multi billion dollar budgets, they can issue warrants and subpoenas and wiretaps, they can give "friendly knocks" and threaten people with jail time for not cooperating. How do they ever even lose?
Lack of motivation. Relatively few people on the prosecution side truly care about winning, especially as time passes.
Cases can easily take years, personnel changes ruin everything.
If you have money and aren't accused of anything totally crazy, you can easily completely ruin the governments chances by simply getting a few of the main people involved private sector jobs. This happens every day.
>one count of conspiracy to commit wire fraud, three counts of wire fraud, two counts of accessing a computer to defraud and obtain value, one count of intentionally accessing a computer without authorization to obtain information, one count of conspiracy to commit money laundering, five counts of money laundering, and one count of aggravated identity theft.
Which one of these charges is illegally unlocking phones? He went to prison for hacking T-Mobile, the title seems like it's trying to scare potential jailbreakers.
The article says he accepted money for "official TMobile" unlocks. That sounds fraudulent and likely involved money transfer over wires. So the first two counts you listed?
??? Locking phones should have been illegal. You can enforce contracts through other means, all locking does is prevent the owner from switching carriers at the end of a term or legally reselling the phone after it's paid off and they get a new one...
Unblocking stolen phones I can understand but carriers got away with locking phones for far too long.
TFA states after T-Mobile terminated their relationship with his business, he social engineered their help desk to steal credentials from other employees. It also states he made $25MM from the use of the stolen credentials.
Not that I disagree that telcos should stop locking phones. Then again, this is why I don't buy telco branded phones to start with.
but it doesn't seem like he did anything (morally) wrong with that access. Just helped people dodge T-Mobile's abusive practices. It would be one thing if there was like SIM swapping or something, but it doesn't look like that happened here.
> all locking does is prevent the owner from switching carriers at the end of a term or legally reselling the phone after it's paid off and they get a new one...
All US mobile networks unblock phones once the contract term ends. Although, it should happen automatically rather than the phone owner having to request it.
> To gain unauthorized access to T-Mobile’s protected internal computers, Khudaverdyan obtained T-Mobile employees’ credentials through various dishonest means, including sending phishing emails that appeared to be legitimate T-Mobile correspondence, and socially engineering the T-Mobile IT Help Desk. Khudaverdyan used the fraudulent emails to trick T-Mobile employees to log in with their employee credentials so he could harvest the employees’ information and fraudulently unlock the phones.
> In total, Khudaverdyan and others compromised and stole more than 50 different T-Mobile employees’ credentials from employees across the United States, and they unlocked and unblocked hundreds of thousands of cellphones during the years of the scheme.
> Khudaverdyan obtained more than $25 million for these criminal activities.
Given how many devices were involved, it's fairly likely that a substantial number of them were stolen. You don't get to "hundreds of thousands" of devices unlocked by helping out individual customers.
This sort of detail isn't going to be the focus of the DoJ press release because it's tangential to the case, and harder to prove than the (fairly clear-cut) unauthorized computer access angle. But it's in there -- notice the mention that the store owner's actions "allowed the phones to be sold on the black market", for example, as well as the prosecutor's statement that he "further[ed] the trafficking of lost and stolen cell phones".
> You don't get to "hundreds of thousands" of devices unlocked by helping out individual customers.
I don't doubt that there were stolen devices involved, but it's actually really easy for me to imagine finding a few hundred thousand customers who would pay for an "official" unblock so they can switch carriers.
Some numbers:
1. >50% of customers are willing to change their carrier
2. T-Mobile has 100M customers
Conservatively, this gives a TAM of at least millions, maybe 10s of millions, of customers per year. And he had, let's say, 500K, probably less, total customers over the years. So he was getting, what, 1% of non-phone-thief customers per year? Less? Easy to imagine getting there without working with phone theft rings.
It's funny how little we think about it like that. Harming corporate profits in many cases means we've reduced friction and improved total economic efficiency.
But yeah, obviously hacking the telecom is a no-no.
“We” do not think about it like that because it has been many, many years since the US regulatory agency has required US mobile networks to unlock phones after the contract ends:
Unlocked phones have long been available for purchase, and no one is forcing anyone to choose to accept a mobile network subsidy in exchange for the lock.
"Harming corporate profits" seems like a weird spin, considering locked phones are typically on long-term contracts that subsidize the purchase price. If you buy a lease-to-own car, then stop making payments and go to a different auto dealership is that just "economic efficiency?"
your analogy doesn't work because cars aren't locked to dealerships. If the dealer controlled how you used your car and restricted what you did with your car via some sort of artificial software limitation within the vehicle, then removing that limitation would also be a good thing.
If cars dealerships also owned their own network of fuel stations. They sell you the car for cheap but require you to use their network of expensive fuel stations for x years. The cars have an encrypted chip that detects if its connected to the specific approved gas station when filling. Now if you try and sell it there is no real market because the buyer can only use it at the specific dealerships gas network and that dealership could also lock that buyer out if it chose.
Now someone has gained access to the car dealerships database and unlocked a bunch of cars for a fee. Is that good or bad I donno.
I think the important thing to remember is that whatever "artificial software limitation" is imposed on the phone was done so with the knowledge of the person signing the contract when the phone was leased. At least I have to assume it is called out in the contract.
Even in the GP post its not "your" car. You don't "own" the car when you lease-to-own you are renting it under a contract which gives you very specific right to "own" the car at the time of your last payment or when you are able to pay it in full. Ownership is determined by the name on the Title Certificate which would be in the dealership's name until you make the final payment or pay it off beforehand in full.
A group of fraudsters goes into dealerships with stolen identities and attempts to finance $0 down cars so they can export them to West Africa and make a fortune because they are not ever going to pay for the cars. Only some dealers have "kill switches" (look it up) that they use to remotely brick cars they stop receiving payment on. So someone like Khudaverdyan comes along and offers a kill switch disabling service so the cars will still work after the fraudsters have moved them out of the country. I think most people would agree that is wrong.
Phones are locked while people haven't paid off the purchase price, generally across 2 years of installments that are combined with the cell service plan.
Unlocking them is straight-up theft -- it lets you use the phone without having paid for it.
This isn't something akin to pirating movies or cell service. It's straight-up getting hardware -- phones -- without paying for them. It's physical theft pure and simple.
Do the contracts not stipulate that if you cancel your service for any reason, you're on the hook for the remaining price of the phone? Surely if I didn't care about cell service and just wanted a pretty nice wifi camera, they're not going to let me sign up for a plan and then cancel it immediately.
Assuming they're not that dumb, I don't understand the point of locking.
You're generally on the hook for the rest of your contract, not just the phone.
But if you just don't pay, what are they supposed to do? They send it to collections, which has a small recovery rate. It's far more effective to use the phone lock.
And the culprit here hacked into T-Mobile's systems to get around their procedures. I also wouldn't be surprised if he was being paid precisely by a lot of people who signed up for contracts and expensive phones with a stolen credit card and stolen identity.
> And the culprit here hacked into T-Mobile's systems to get around their procedures. I also wouldn't be surprised if he was being paid precisely by a lot of people who signed up for contracts and expensive phones with a stolen credit card and stolen identity.
These people (or the people who buy phones off them) are almost exclusively the major customers of any unlocking service, at least with iPhones. Which for some reason is something the rest of the people in this thread fail to understand.
> The lock on the phone reduces the risk of nonpayment from the borrower
This seems pretty non-obvious to me. Maybe it reduces the incidence of straight-up theft, but if someone runs into financial difficulties and can't continue paying for service, they can get more on the used market with an unlocked phone and use that money to pay off the debt/exit the contract.
Obviously that's not an outcome the carrier wants, but now we're back to locking as a mechanism to keep people stuck to the carrier.
He created economic value for a bunch of fences in Hong Kong and Dubai who buy and receive hundreds of millions of dollars of stolen phones that they can now get more money for because they are unlocked and the ultimate end user in China or Nigeria doesn't have to use a RSIM/Gevey SIM (modded SIM that tricks locked iPhones to use any carrier) to use the phone. This guy is no hero.
these devices could also be stolen, or on longer-term contracts that subsidized the purchase price. Neither of these are artificial restraints on competition, especially considering all carriers play the same game.
There seems to be some misunderstandings in this thread. Anyone who has paid off their device can already get it unlocked from all the major carriers for free. 99% of the unlocks of this guy and similar services perform are for phones obtained by theft or fraud. They are either robbed from T-Mobile stores or they are obtained by "credit muling." Credit muling is where various sketchy people round up homeless or desperate people who need cash to go into cell phone stores and get as many phones as they can on credit with no intention of paying the phone off. The recruiters then take the phones and pay the "mules" a nominal fee like $100-200. This fraud costs carriers billions of dollars each year and makes everyone's cell phones bills higher.
10 years and $28,473,535 seems excessive (as noted by others elizabeth holmes only got 11 for what seems a far larger, more potentially-destructive fraud).
what's the logic behind this sentencing? or is there no logic and its some sort of regulatory capture and t-mobile et al want to make an example ?
Or the wire fraud. That's a federal charge and a felony. At $1M the range is going to be likely around 40-50 months, so $25M + (in this case) several aggravating factors like amount of loss, number of victims, defendant’s intentions and marketing techniques pushing that to 100+ months is not surprising.
How about this thought. Guy comes out of prison in 10 years a nobody. Tells his skewed story how he played Robin Hood to T-Mobile’s Sheriff of Nottingham. Will probably officially live on welfare so he won’t have to pay back a dime of whatever he hid of the rest of the money.
Holmes comes out and everybody will remember her for putting thousands of life’s at risk. I’m naive when it comes to venture capitalist circles but I would like to think her life is ruined. Maybe the courts also take that into account?
And what part of the sentencing is the punishment of the actual criminal and what part is the signal you’re sending to society to not do likewise or else?
I think for every Holmes you could maybe have a few hundred Robin Hoods, I’m sorry I forget the guy’s real name. If I was a nation, I would be scared of both but maybe a little more of the latter in terms of network effects.
Maybe we need more judges here to explain stuff to us like we’re 5 year olds.
12 years ago I aspired to becoming an attorney; now I look back at that time and shake my head at my former naivete.
To be clear, this guy was doing some crime - he was using his skills to unlock stolen phones so that they could be resold, plus he broke into T-mobile's computer systems by various means long after his access was revoked.
But much of the press release is about how the worstest, baddest thing he did was help people get out of their phone contracts (thus acquiring a phone cheaply because so many carriers want to give you the latest greatest phone for $0 down and then collect huge monthly subscriptions). I've never bought a phone this way because it always ends up costing more. But if you want to buy your phone outright, bring in your own device, or prepay for your phone service, the big cell service providers in the US treat you like absolute dirt. So while I don't endorse this guy's actions, I also don't feel any sympathy for his 'victim'.
> But if you want to buy your phone outright, bring in your own device, or prepay for your phone service, the big cell service providers in the US treat you like absolute dirt.
How so? I have walked into ATT and T-Mobile stores and purchased SIM cards very easily. With eSIM, I bet you do not even need to go to a store.
Perhaps it's the area where I live, but my experience with those kinds of services over the years has involved a distinct lack of enthusiasm and lengthy waits to get the simplest things done, with different staff due to turnover. I thought it was clear that I'm making a generalization rather than asserting a universal or very specific truth.
I assume service will be better at official ATT/T-Mobile/Verizon stores.
But they have a lot of franchised “authorized retailer” stores, where I assume the owner is working on commission, and so a simple SIM request might even net them nothing.
Nevertheless, with eSIM, I doubt there will be much reason to go to a store in the future.
I’m at no means an expert but it would be logical for me to somehow put the easiness of how the crime was committed and the magnitude of the ill-gotten gains in relation to calculate the punishment.
In other words, if all it takes is to operate a store, gain familiarity with your vendor, and then swindle your way to $25,000,000, there might be a lot more copycats so you want to set an example.
The kind of unlocking at issue in this case refers to a) unlocking phones that a customer owes a balance for or b) unblocking stolen phones (which are blacklisted by carriers to deter theft).
Why are these the only two options? In Canada, all our phones are carrier-unlocked and still subsidized by the use of multi-year contracts. There are perfectly adequate legal mechanisms of enforcing contracts without needing to lock phones.
Sure, and are subsidized phones more expensive in Canada as a result?
US networks can also choose to advertise unlocked subsidized phones. The fact that they do not at a sufficiently competitive price to locked phones must mean the lock is worth having.
The law is not forcing only two options, the market is. Any lender can lend money for a phone, just like Canadian mobile networks do.
* 2022: New iPhone 13 for $200 plus trade-in. I trade in the above iPhone 8 and will pay $6.67/month for the following 30 months. (Had I chosen the iPhone SE v2 I would not have paid anything.)
I am very, very certain that none of the Robelus has ever offered an iPhone for anything like any of the above, let alone all three.
[1] Canadians who have a US mailing address often choose to get US plans with Canadian roaming service, because doing so is cheaper than getting a plan from Robelus.
I can only assume an entire generational period of essentially zero-percent financing costs has convinced people they can have everything they want now. Financed deals of all kinds are always "locked" for some term. Sometimes this is time and sometimes a literal lock, like a lien on title.
I intentionally phrased it that way to show why there needs to be no legislation about locking phones to a carrier.
The market is offering people the choice of locked and unlocked phones. Everyone can make their own choice. The government already requires the lock to be temporary.
So then banning phone locks is the same as banning people from being able to exchange their freedom to use a different mobile network for a lower purchase price.
It seems like the reasoning is a bit off here. Unlocking phones shouldn't be an issue - it should be the fact that he surreptitiously accessed protected systems that matters.
I never understood the economics of cell phone carrier locking.
So you buy a phone that is meant to be paid off over a 3 year contract. Then you unlock it and sell it. That doesn't invalidate the contract, does it? Is it that easy to walk away from such contracts?
The article does say he made 25 million through this. That must be the reason he got such a severe sentence. That seems like too much time, because murder charges can get much less time. Breaking in to the us capital and hitting police officers bear spray, bricks, office equipment gets some people much less than a year.
I'm not sure what I think a proper sentence is. It's like copying a dvd, software is free over the internet to do it and it's illegal; it's been illegal for decades to use that software, but there were only a very few random cases of prosecution. Who did the criminal steal money from in this case? I should own my hardware and I can run whatever I want on it. It's illegal in some cases because there's a series of laws leading to you can't modify your tractor software if you have a john deere, which in itself is a bad idea.
"Telco bootlicking" feels pretty strong for the seemingly reasonable view that a customer doesn't own a phone they haven't paid for.
There are absolutely worthwhile discussions to be had about the ethics of dealing with abusive or greedy corporations, or about whether rent-to-own contracts are predatory.
But just because the community doesn't immediately jump to say "telcos suck so stealing your phone is a moral imperative" doesn't mean commenters are groveling at the feet of T-Mobile.
this implies that the price of a phone bill is connected to the price of operating the service. The price is set by what they think they can get, not how much it costs to run.
> this implies that the price of a phone bill is connected to the price of operating the service. The price is set by what they think they can get, not how much it costs to run.
I am not denying that telecoms is an oligopoly, I'm just saying this guy is no Robinhood. I think there still is some competition for pricing among cellular providers especially if you consider MVNOs, but even if this fraud had no effect on the cost of cell service, shareholders in any of the major telecom companies, which probably include the majority of adults by virtue of their inclusion on the S&P 500, are out billions of dollars of dividends thanks to the fraud these unlocking services enable.
Right, it's not "making the rest of society's phone bills higher", it hurts the stock gains for shareholders. That's what I meant by "what about muh corporate profits"
I think in the long run if fraud rates were reduced substantially that competitive pressures among the telecoms (given that they all basically have the same coverage) would cause prices to go down. I offered the shareholders thing as another argument because most people are shareholders because of their 401K and given that there's no free lunch someone had to pay for the $25 million this guy made.
This isn’t about DFU mode, exploiting bugs, or clever SIM hacks. These people broke into the telcom systems to actually unlock these devices for good.
«In total, Khudaverdyan and others compromised and stole more than 50 different T-Mobile employees’ credentials from employees across the United States, and they unlocked and unblocked hundreds of thousands of cellphones during the years of the scheme. Khudaverdyan obtained more than $25 million for these criminal activities.»