Two brothers deleted 96 federal databases after being fired – one googled how to hide the evidence afterward

Daniel Sims

Posts: 2,469   +74
Staff
Facepalm: The case of the Akhter brothers will likely go down as a textbook example of why companies handling sensitive materials should conduct thorough background checks on new hires – and revoke computer access immediately upon termination. One government contractor has learned that oversights in these policies can rapidly lead to serious cybersecurity incidents.

A federal jury recently convicted 34-year-old Sohaib Akhter of conspiracy to commit computer fraud and trafficking in passwords with assistance from his brother, Muneeb, after federal contractor Opexus fired the twins. Notably, this is not the brothers' first federal cybercrime conviction.

When the Washington, D.C.-based company, which serves more than 45 government agencies and hosts data for federal clients, terminated the twins last February, the two began deleting the information within minutes. Within hours, Muneeb had wiped around 96 databases containing Freedom of Information Act data and federal investigation files.

Evidence uncovered during the investigation of the brothers indicates that they were not hacking professionals. After deleting the databases, the two brothers discussed the next steps, and Muneeb asked an AI chatbot how to clear system logs to cover his tracks. While court documents do not reveal how the brothers communicated, it was clearly in a manner that enabled investigators to retrieve transcripts of their conversation.

Embarrassingly, Opexus fired the brothers because it discovered that they had pleaded guilty in 2015 to hacking multiple websites, stealing credit card credentials, and attempting to sell personal information on the darknet. Among other crimes, Sohaib conspired with his brother and others to steal personal information from coworkers while employed at the State Department and covertly install hardware to allow them to monitor government systems continually.

Opexus later admitted that, while it had conducted extensive background checks on the brothers before hiring them a decade later, the company clearly did not dig deep enough. Worse, when the contractor fired the brothers over a video call, it locked Sohaib out of its systems but forgot about Muneeb. Within six minutes, he had already locked other users out of the database and begun deleting it. Within hours, Muneeb had also stolen 1,805 files from the Equal Employment Opportunity Commission, along with federal tax information for more than 450 people.

Before Sohaib's conviction, Muneeb had signed a plea deal, but he recently began sending handwritten letters from prison in an attempt to withdraw it. Describing his lawyer as ineffective, he aims to represent himself.

Permalink to story:

 
Keep them H1B'ers comin', boys! Reap the whirlwind :)
I notice the article was careful not to mention the nationality of these two brothers. Now, no one wants to be perceived as racist these days, do they! It's critical to your mainstream media career to be a globalist. They are Pakistanis. Pakistan is a hotbed of cyber crime.
 
Ars Technica has a lot more details https://arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/

I’m interested to know how much was quickly recovered from backups. Could be everything but I suspect it’s worse than that.
Thanks for the link. My guess is that at worst a few days of data might have been lost. Gov IT contractors are generally required to keep daily or hourly backups, so it's anyone's how guess how much data was lost.
 
Back