tripwire/fortra posted an interesting article about a Ex employee who launched a cyber attack against his previous employer. The tactics are pretty classic stuff however, the idea of a once trusted person doing this is pretty scary assuming they could gain visibly to what security exits as well as how to beat it. The original article can be found HERE. Here is that post …
Once again companies are being warned to be wary of past employees who may turn rogue.
28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola, after he successfully tricked current staff into handing over their login credentials
Mahn, who had previously worked for Motorola as a RF Network Field Service Technician, was working at the Massachusetts Port Authority (Massport) in August 2020 when he began to send phishing emails to a total of 31 current Motorola employees.
The email told recipients that there was a “task awaiting approval” on what purported to be Motorola’s payroll website. However, anyone who followed the instructions to click on the link and enter their username and password were actually sharing their login credentials with Mahn.
At least one Motorola employee was also targeted by Mahn with SMS text messages, which pretended to be from the company’s multi-factor authentication (MFA) service. The messages told the recipient that they would have to verify their MFA code at some point in the future, and were duly later sent requests for their MFA code or asked to approve a login through a push notification.
With his unauthorised access to Motorola’s network, Mahn was able to modify his victim’s account so that future MFA codes would be sent directly to phone numbers controlled by himself.
Mahn is also said to have stolen code and a software tool from Motorola’s network, after breaking into the corporation’s Bitbucket repository, which allowed him to unlock radio equipment features. Motorola normally charged $175 per radio for these features to be unlocked.
Mahn was arrested and charged with offences related to the hack, but while on conditional release he applied for a passport using a false name, a false date of birth, but a genuine photograph of himself.
A few weeks after making the passport application, Mahn attempted to expedite the process claiming in a letter to Senator Maggie Hassan that he “just found out I need to book international travel shortly for family reasons in the coming weeks to Germany.”
The assumption is that Mahn was attempting to abscond overseas before his trial.
Mahn is scheduled to be sentenced in March 2024. The charge of wire fraud provides a sentence of up to 20 years in prison, 3 years of supervised release, and a fine of $250,000. The charge of passport fraud could mean up to 10 years in prison, 3 years of supervised release, and a fine of $250,000.