Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud
Pro tip: Don't use your new work email to phish your old firm
An ex-Motorola Solutions technician in the US has admitted he tried to fraudulently obtain a passport while awaiting trial for a cyberattack on his former employer.
Andrew Mahn, 28, of Derry, New Hampshire, pleaded guilty in federal court on Tuesday to both passport fraud and wire fraud, the latter relating to that cyber-intrusion. He is due to be sentenced in March next year.
Mahn was indicted [PDF] by a grand jury for passport fraud in February, after being charged in 2021 with breaking into Motorola's computer network and stealing data.
Prosecutors did not name Motorola in their indictments against Mahn: instead their court documents refer to the biz as "Company A," and described it as an international corporation headquartered in Chicago that sells, among other products, two-way radios. Although one could figure out Company A was Motorola from that description alone, the biz revealed itself in a victim statement submitted to the courts [PDF] earlier this month.
Mahn, according to prosecutors [PDF], worked as a radio technician for Moto before getting a new gig at the Massachusetts Port Authority (Massport).
While working at Massport, Mahn sent phishing emails to 31 Motorola employees between August and September, 2020. These emails contained a malicious link leading to a spoofed Motorola payroll portal so Mahn could steal their corporate login credentials.
After harvesting those employees' usernames and passwords, Mahn sent text messages to at least one staffer that appeared to be Okta security verification messages to trick the mark into providing their multi-factor authentication code.
Mahn then used this access to infiltrate Motorola's IT network, break into the corp's Bitbucket repository, and steal source code that allowed him to unlock certain radio equipment features valued at up to $175 per radio, Uncle Sam's lawyers said.
While he mostly tried to cover his tracks by using what prosecutors described as "anonymized" Amazon Web Services IP addresses for the scam, law enforcement were able to trace his actions to a Comcast IP address and his Massport email address.
"The defendant, while using an account tied to his Massport work email address, accessed Company A's public website using this Comcast IP address on at least 13 separate occasions during the cyber intrusion," according to Mahn's plea agreement [PDF].
A second IP address assigned to the same Comcast account was later used to access Mahn's personal Venmo and Gmail accounts, and Mahn also used his personal Google account and driver's license to set up a Coinbase account that paid for hosting the phony Motorola corporate login page, we're told.
A grand jury in Illinois returned an indictment charging Mahn with multiple offenses related to the Motorola break-in in October 2021. He was detained and released pending trial.
But instead of patiently waiting for his day in court, Mahn, on November 15, 2022, applied for a passport under a fake name (with the same initials, "AM") and using a fake date of birth — but with his own photograph.
To accompany the application, Mahn submitted false documents, including a phony student ID card from a nonexistent school and a fake New Hampshire identification card. Both, however, used his real picture.
A month later, he wrote to US Senator Maggie Hassan (D-NH) requesting help in expediting his passport application. "I have just found out I need to book international travel shortly for family reasons in the coming weeks to Germany," Mahn wrote. "I am trying to figure out the status of the application and when I can expect it to be processed and shipped."
Alas, there was no real family emergency in Germany. We can only assume Mahn's real intent was to use the bogus passport to flee abroad before his trial.
He now awaits sentencing in the new year. The charge of wire fraud carries a max sentence of 20 years in prison, three years of supervised release, a fine of $250,000, or twice the gross gain or loss, and restitution.
Meanwhile, passport fraud could get Mahn ten years behind bars and a $250,000 fine. ®