Twins who hacked State Dept hired to work for gov again, now charged with deleting databases
Summary
Federal contractors Muneeb and Sohaib Akhter, both 34 and previously convicted in 2015 of hacking the US State Department and stealing customer data from a private company, have been indicted for allegedly deleting 96 US government databases minutes after being fired. The brothers worked for a contractor identified in court papers as ‘Company-1’ (reported as Opexus), which supports FOIA and other government systems.
Prosecutors say the pair hatched the plan during the termination call. When they lacked the exact commands, they reportedly asked an AI tool how to clear SQL server logs and Windows event/application logs after deleting databases. Sohaib’s VPN was disabled and his account locked soon after the firing, but Muneeb remained connected and is accused of write-protecting and then deleting multiple databases, including a Homeland Security production database and many FOIA-related records.
Key Points
- The Akhter twins were indicted for conspiring to delete 96 US government databases shortly after being fired from a federal contractor role.
- Targets included FOIA portals and sensitive investigative files, and at least one Homeland Security production database.
- Court documents say the brothers used an AI tool to get commands for clearing SQL logs and Windows server logs after deletions.
- The contractor involved has acknowledged the incident and said it has strengthened security measures since.
- Both brothers have prior convictions from 2015 for hacking the State Department and a cosmetics firm; they previously served prison sentences.
- Muneeb faces counts including aggravated identity theft and could face lengthy prison time; Sohaib faces charges including password trafficking and shorter maximum penalties.
- The case highlights how quickly retained privileged access can be used to cause damage, and the new wrinkle of AI-assisted cover-up attempts.
Context and relevance
This incident underscores persistent insider-threat risks in government contracting: rehiring or failing to fully vet people with prior offences, slow or incomplete deprovisioning, and shared or weak credentials can permit catastrophic harm within minutes. It also demonstrates a growing trend where offenders may use AI tools to craft technically precise instructions for sabotage or evidence removal.
For security teams and procurement officers, the story is a timely reminder to enforce immediate access revocation, least-privilege policies, robust logging and immutable backups, and stronger vetting for roles handling sensitive systems. The combination of privileged access, poor offboarding and AI assistance makes this case particularly instructive.
Why should I read this?
Short version: this is exactly the sort of ‘it-can-happen-fast’ nightmare you want to learn from without living through it. If you work in IT, security or government procurement, it’s a fast lesson in vetting, deprovisioning and why ‘one set of credentials for everyone’ is a terrible idea — and yes, criminals are now asking AI how to clean up after them.
Author style
Punchy — this isn’t just another breach. It’s a high-impact insider sabotage case involving known offenders, a government FOIA system and AI-assisted cover-up. Read the details so you can harden your organisation against the same mistakes.
