Cybercrime and Passport Fraud: Former Motorola Tech Faces Double Trouble

CVE-2023-24059

Former Motorola technical specialist in the United States, 28-year-old Andrew Mahn of Derry, USA, admitted to attempting to fraudulently obtain a passport while awaiting trial for a cyberattack on his former employer. He confessed to his guilt in passport fraud and electronic communication fraud. Earlier, he was charged with a cyberattack on Motorola. His sentence is expected to be pronounced in March 2024.

Mahn was indicted in February for passport fraud and in 2021 for penetrating Motorola’s computer network and stealing data. Court documents refer to his former employer as “Company A,” describing it as an international corporation based in Chicago, specializing in the sale of, among other things, radio equipment.

CVE-2023-24059

According to the prosecution, Mahn worked as a radio technician at Motorola before moving to the Massachusetts Port Authority (Massport). During his tenure at Massport from August to September 2020, he sent phishing emails to 31 Motorola employees. The emails contained a malicious link to a fake Motorola payroll portal, through which Mahn stole corporate login credentials.

After obtaining employees’ usernames and passwords, Mahn sent them text messages mimicking Okta security messages, enabling him to acquire multi-factor authentication codes. Using this information, Mahn infiltrated Motorola’s IT network, hacked the corporation’s Bitbucket repository, and stole source code, which allowed him to unlock features of radio equipment valued at up to $175 per radio.

Though Mahn attempted to conceal his actions using anonymous Amazon Web Services IP addresses, the investigation traced his actions to a Comcast IP address and his work email at Massport. He also used his personal Google account and driver’s license to create a Coinbase account, through which he paid for hosting the fake Motorola login page.

In October 2021, Mahn was charged with several crimes related to hacking Motorola. In November 2022, he attempted to obtain a counterfeit passport under a different name, attaching his photo and false documents to the application. He also approached a U.S. Senator requesting expedited processing of his passport application, claiming an urgent need to travel to Germany due to family circumstances.

Now, Mahn awaits sentencing. For electronic communication fraud, he faces up to 20 years in prison with an additional 3 years of supervision after release, a fine of up to $250,000, and restitution. Passport fraud could lead to 10 years in prison and a $250,000 fine.