Twins who hacked State Dept hired to work for gov again, now charged with deleting databases
Summary
Federal contractors and twin brothers Muneeb and Sohaib Akhter have been indicted for allegedly deleting 96 US government databases minutes after being fired by a government contractor. Prosecutors say the siblings used lingering access to write-protect and delete databases holding FOIA records and sensitive agency files, and even consulted an AI to help clear logs and cover their tracks. Both have prior convictions for hacking-related offences involving the State Department and private companies.
Key Points
- Muneeb and Sohaib Akhter, 34, were indicted on 13 November for conspiring to delete US government databases.
- The brothers allegedly deleted 96 databases — including a Homeland Security production database and FOIA-related files — after being terminated on 18 February.
- Muneeb is accused of remaining connected and issuing commands to prevent access and then deleting databases; Sohaib tried to reconnect but was blocked.
- The indictment alleges they used an AI tool for technical guidance on clearing SQL and Windows logs to hide evidence.
- Both previously pleaded guilty in 2015 to hacking-related charges involving the State Department and a cosmetics firm.
- Charges include computer fraud, destruction of records, theft of US government records, password trafficking, and aggravated identity theft, with potential prison terms if convicted.
- The contractor (identified in filings as Company-1; reported as Opexus) said it has strengthened security after the incident.
Content Summary
The brothers worked as federal contractors for a company that provides software and services to US agencies. The employer fired them at about 16:50 on 18 February. Five minutes later, Sohaib allegedly attempted to access the corporate network but was blocked because his VPN and account had been disabled. Muneeb, still connected, is accused of issuing commands at around 16:56 to lock out other users, write-protect and then delete databases across multiple agency systems.
Prosecutors say Muneeb deleted 96 databases containing government information, including Freedom of Information Act records and sensitive investigative files. After deleting a Homeland Security production database he allegedly asked an AI, “how do i clear system logs from SQL servers after deleting databases,” and later sought instructions for clearing Windows Server 2012 event and application logs.
Both men face federal charges with differing maximum penalties; Muneeb faces more severe counts including aggravated identity theft with mandatory minimums. They remain in custody pending detention hearings. The indictment recalls their 2015 guilty pleas for hacking the State Department and other offences; past sentences included multi-year prison terms.
Context and Relevance
This case highlights classic insider-threat failures: inadequate vetting, slow or incomplete deprovisioning and over-broad access for contractors handling sensitive data. The alleged use of AI to assist in covering tracks shows how emerging tools can be misused in internal attacks. For public-sector IT and security teams, it’s a reminder to enforce zero-trust principles, rapid access revocation, strong logging and immutable backups for critical records (especially FOIA and investigative data).
The incident also raises policy questions about rehiring or retaining staff with prior convictions for cybercrime, and the risks of contractors with privileged credentials. Agencies and vendors will likely review contractor screening, credential hygiene and incident-response playbooks in response.
Why should I read this?
Because this is the kind of mess that keeps CISOs awake: former hackers rehired, access not cut fast enough, nearly a hundred government databases wiped in minutes — and they even asked an AI how to clean up. Short version: poor controls + powerful tools = chaos. Read this to avoid making the same mistakes in your organisation.
Source
Source: https://www.theregister.com/2025/12/04/twin_brothers_charged_with_deleting_databases/
