In comedy of errors, men accused of wiping gov databases turned to an AI tool


Two Virginia contractors with prior hacking convictions face new federal charges for allegedly deleting 96 government databases just minutes after their termination. Muneeb Akhter and Sohaib Akhter, both 34, from Alexandria, accessed sensitive agency records through their employer’s systems in Washington, DC. The Department of Justice unsealed an indictment detailing their coordinated attempt to steal and destroy critical data belonging to multiple federal agencies.

The brothers worked for an undisclosed contractor serving 45 U.S. agencies with software and IT services. Despite their 2015 convictions for State Department intrusions, they secured clearances granting access to investigative files and Freedom of Information Act records. Prosecutors describe the February 18 incident as a desperate act of sabotage immediately following their 4:55 pm dismissal.

Five-Minute Rampage Targets Federal Databases

The alleged attack unfolded with alarming speed after termination:
– At 5:00 pm, one brother accessed employer servers despite partial account deactivation.
– He issued commands blocking other users from database connections or modifications.
– 96 databases containing sensitive investigative materials were systematically deleted.
– Commands targeted Homeland Security systems and related federal records.

Despite the swift execution, the brothers lacked the technical expertise to cover their tracks. One minute after the deletion, Muneeb Akhter turned to an AI chatbot, asking “how do I clear system logs from SQL servers after deleting databases.” Subsequent prompts sought instructions for erasing Windows Server 2012 event logs, revealing their amateur status.

AI Cover-Up Attempt Backfires Spectacularly

Prosecutors obtained detailed evidence contradicting the brothers’ concealment efforts:
– Failed log clearing left comprehensive audit trails exposing the deletions.
– Intercepted communications revealed post-incident discussions about evidence removal.
– Three days later, employer-issued laptops underwent OS reinstallation attempts.
– The indictment specifies the exact databases and records targeted, confirming that the destruction was incomplete.

Their reliance on AI highlights critical gaps in their systems knowledge. The queries targeted the outdated Windows Server 2012, unsupported since 2023, suggesting desperation rather than preparation. Federal investigators recovered sufficient traces to build multiple felony charges.

Prior Convictions Raise Security Concerns

This marks the brothers’ second major federal hacking prosecution. In 2015, they pleaded guilty to a conspiracy targeting the State Department that involved stealing passport, visa, and coworker data. Muneeb Akhter received 39 months’ imprisonment; Sohaib served 24 months, followed by three years of supervised release.

Previous crimes included planting surveillance devices in State facilities and rigging online contests by manipulating an employer’s servers. After his release, Muneeb hacked a data aggregator that employed him, stealing contract information for personal gain. These patterns call into question the vetting processes that granted their subsequent clearances.

Federal Charges Carry Severe Penalties

Muneeb Akhter is charged with conspiracy to commit computer fraud, record destruction, two counts of computer fraud, theft of government records, and two counts of aggravated identity theft. A conviction carries a mandatory minimum of two years per identity theft count, with a maximum exposure of 45 years on the remaining felonies.

Sohaib Akhter is charged with conspiracy and with computer fraud for password trafficking, carrying a six-year maximum penalty. The multi-count indictment reflects an extensive damage assessment across the affected agencies. Both remain detained pending trial.

Operational Security Failures Exposed

The incident reveals multiple contractor vulnerabilities:
– Convicted felons obtained clearances giving access to sensitive federal systems.
– Delays in account deactivation left a five-minute window for data destruction.
– Laptops remained accessible for OS wipes days after termination.
– The outdated server infrastructure named in the queries suggests neglected maintenance.

The employer’s handling of basic termination protocols faces scrutiny. Immediate access revocation, device confiscation, and activity monitoring are standard industry safeguards that were absent here. The case underscores the risks of depending on contractors for critical government functions.
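An added example, not taken from the article or the indictment, of the activity monitoring described above: it correlates offboarding times with a database audit trail to flag any action by a terminated account and any burst of DROP DATABASE statements. The user names, dates, log format and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the indictment): HR offboarding times and
# a database audit trail in "timestamp|user|action|object" form.
TERMINATIONS = {"contractor_a": datetime(2030, 1, 1, 16, 55)}
AUDIT_LOG = """\
2030-01-01T16:40:00|contractor_a|SELECT|cases_db
2030-01-01T17:00:05|contractor_a|LOGIN|db-host-1
2030-01-01T17:00:40|contractor_a|DROP DATABASE|cases_db
2030-01-01T17:01:10|contractor_a|DROP DATABASE|foia_db
2030-01-01T17:01:30|contractor_a|DROP DATABASE|records_db
2030-01-01T17:02:00|analyst_b|SELECT|foia_db
"""

def parse(log):
    """Yield (timestamp, user, action, object) tuples from the audit text."""
    for line in log.strip().splitlines():
        ts, user, action, obj = line.split("|")
        yield datetime.fromisoformat(ts), user, action, obj

def post_termination_activity(events, terminations):
    """Any event by a user at or after their termination time is an alert."""
    return [e for e in events
            if e[1] in terminations and e[0] >= terminations[e[1]]]

def bulk_drops(events, threshold=3, window=timedelta(minutes=5)):
    """Users issuing >= threshold DROP DATABASE statements inside the window."""
    flagged, drops = set(), {}
    for ts, user, action, _ in sorted(events):
        if action != "DROP DATABASE":
            continue
        # Keep only this user's earlier drops that fall inside the window.
        recent = [t for t in drops.get(user, []) if ts - t <= window] + [ts]
        drops[user] = recent
        if len(recent) >= threshold:
            flagged.add(user)
    return flagged

if __name__ == "__main__":
    events = list(parse(AUDIT_LOG))
    for ts, user, action, obj in post_termination_activity(events, TERMINATIONS):
        print(f"ALERT post-termination: {ts} {user} {action} {obj}")
    print("bulk DROP DATABASE:", bulk_drops(events))
```

The first check only works if the offboarding feed reaches the monitoring system before or at the moment of dismissal, which is the same timing gap the list above describes.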

Implications for Government Contractor Oversight

This high-profile breach prompts a reevaluation of background check rigor and continuous monitoring requirements. Agencies serving dozens of federal clients must demonstrate robust insider threat mitigation. The brothers’ recidivism challenges the assumption that rehabilitation is sufficient for cleared positions.

Federal IT security policies are likely to be strengthened around contractor termination procedures. The use of AI tools in criminal activity establishes new forensic indicators for investigators. The case serves as a cautionary tale for organizations balancing talent needs against security imperatives.

Law enforcement’s emphasis on recoverable digital footprints demonstrates its sophistication in countering amateur criminals. Comprehensive server logging preserved evidence despite the deletion attempts, validating the effectiveness of layered defense strategies.
