Companies are once again being warned to be wary of former employees who could turn rogue.
Andrew Mahn, 28, of Derry, New Hampshire, pleaded guilty to illegally hacking into the network of his former employer, telecommunications company Motorola, after he successfully tricked current employees into handing over their login credentials.
Mahn previously worked for Motorola as a radio frequency network field service technician, and while working at the Massachusetts Port Authority (Massport) in August 2020, he began sending phishing emails to a total of 31 current Motorola employees.
The email told recipients there was a “task awaiting approval” on what was purported to be Motorola’s payroll website. However, anyone who followed the instructions, clicked on the link and entered a username and password was actually sharing their login credentials with Mahn.
Mahn also sent text messages purporting to be from the company’s multi-factor authentication (MFA) service to at least one Motorola employee. These messages told the recipient that they would need to verify their MFA code at some point in the future. Later messages then requested the MFA code or required the recipient to approve a sign-in via a push notification.
By gaining unauthorized access to Motorola’s network, Mahn was able to modify the victim’s account so that future MFA codes would be sent directly to a phone number he controlled.
After breaking into the company’s Bitbucket repository, Mahn also allegedly stole code and software tools from Motorola’s network that allowed him to unlock the functionality of radio equipment. Motorola typically charges $175 per radio to unlock these features.
Mahn was arrested and charged with hacking-related offences, but while on conditional release he applied for a passport using a false name and a false date of birth but a real photo of himself.
Weeks after applying for his passport, Mahn attempted to expedite the process, claiming in a letter to Senator Maggie Hassan that he “just found out that for family reasons I need to book a flight to Germany within the next few weeks.”
It is speculated that Mahn tried to abscond overseas before his trial.
Mahn is expected to be sentenced in March 2024. The wire fraud charge carries a maximum penalty of 20 years in prison, three years of supervised release and a $250,000 fine. Passport fraud charges could mean up to 10 years in prison, three years of supervised release and a $250,000 fine.
Editor’s note: The opinions expressed in this guest author article are those of the contributor and do not necessarily reflect the views of Tripwire.