A forgotten recording captured everything they planned to do
When two brothers were dismissed from a government contractor after the discovery of prior fraud convictions, they did not simply leave — they turned their remaining access into an instrument of retribution. Muneeb and Sohaib Akhter methodically deleted 96 government databases and extracted sensitive data from systems serving more than 45 federal agencies, exploiting the gap between their termination and the revocation of their credentials. Their undoing came not from forensic brilliance but from a forgotten Microsoft Teams recording that captured their plans in their own voices. The case stands as a modern parable about the invisible door that organizations leave open when they separate people from their roles without simultaneously separating them from their access.
- Two brothers, fired after their criminal histories surfaced, used still-active credentials to begin a methodical campaign of digital destruction against the very systems they had been trusted to support.
- Within what amounted to minutes of determined effort, 96 government databases were deleted, sensitive credentials were stolen, and systems relied upon by dozens of federal agencies were compromised.
- The brothers deployed artificial intelligence tools in an attempt to erase their digital footprints, signaling how modern saboteurs are now weaponizing emerging technology to evade accountability.
- A Microsoft Teams meeting, left recording after the termination conversation ended, captured the brothers openly discussing which databases to delete, how to destroy backups, and whether to flee — becoming the prosecution's most decisive evidence.
- Both brothers were convicted, but the case has sent a wider alarm through institutions nationwide about the catastrophic potential of disgruntled insiders who leave with knowledge, motive, and access still intact.
Muneeb e Sohaib Akhter eram irmãos gémeos com conhecimentos técnicos aprofundados e um emprego num contratante do governo norte-americano — até que a empresa descobriu que ambos tinham condenações criminais anteriores relacionadas com fraude informática. A demissão foi imediata, mas o acesso aos sistemas não foi revogado com a mesma rapidez. Nessa janela de vulnerabilidade, os dois decidiram agir por vingança.
Usando as credenciais que ainda possuíam, os irmãos eliminaram aproximadamente 96 bases de dados governamentais, comprometeram sistemas utilizados por mais de 45 agências federais e extraíram informações sensíveis. Para apagar os rastos, recorreram inclusivamente a ferramentas de inteligência artificial — uma tentativa que acabou por ser inútil.
O que os traiu foi um detalhe banal: durante a reunião em que foram informados do despedimento, uma gravação do Microsoft Teams ficou ativa sem que ninguém se apercebesse. No áudio captado depois do fim da conversa oficial, os irmãos discutiram abertamente quais as bases de dados a eliminar, como destruir as cópias de segurança, de que forma limpar as evidências e até a possibilidade de fuga. Mencionaram também os antecedentes criminais que tinham precipitado a sua saída.
Essa gravação esquecida tornou-se a peça central da acusação, transformando uma investigação forense potencialmente complexa numa prova direta e irrefutável. Ambos foram condenados. O caso ficou como um aviso claro: o maior risco para muitas organizações não vem de fora, mas de quem já está dentro — e que parte sem que as portas sejam verdadeiramente fechadas.
Two brothers with technical expertise and a grudge walked away from their jobs at a government contractor with something the company didn't immediately realize they still possessed: active access to systems serving more than 45 federal agencies. Muneeb Akhter and Sohaib Akhter had just been fired after the company discovered they had prior criminal convictions related to computer fraud. What followed was one of the most consequential cases of insider sabotage in recent memory.
According to the U.S. Department of Justice, the twins used their lingering credentials to methodically dismantle what they could reach. They deleted approximately 96 government databases. They compromised systems relied on by various federal entities. They extracted credentials and sensitive information. They attempted to destroy evidence of their actions. In a particularly modern twist, they deployed artificial intelligence tools trying to find ways to cover their digital tracks—a futile effort, as it turned out.
The motive was straightforward: revenge. The company had terminated them after uncovering their fraud convictions, and the brothers apparently decided that if they were going down, they would take as much with them as possible. What they didn't account for was a single, forgotten detail that would unravel their entire operation.
When the company called them in to deliver the termination news, a Microsoft Teams meeting was initiated. The recording continued running after the conversation ended. In that captured audio, investigators would later hear the brothers discussing their plans with remarkable candor. They talked about which databases to delete. They discussed destroying backups. They outlined how to clean up evidence. They even mentioned the possibility of fleeing. And they referenced their criminal history, apparently aware that this discovery was what had triggered their dismissal in the first place.
The forgotten recording became the prosecution's most damning piece of evidence. It transformed what might have been a complex forensic investigation into something far more straightforward: the defendants, captured in their own words, laying out exactly what they intended to do and then doing it.
The case has become a cautionary tale for organizations across the country. It illustrates a vulnerability that exists in nearly every institution: the insider with technical knowledge, legitimate system access, and a reason to cause harm. Unlike external attackers who must find their way in, these individuals are already inside. They know the architecture. They understand the vulnerabilities. And if their access isn't revoked the moment employment ends, they have a window—sometimes a very large window—to inflict damage that can take months or years to fully assess and repair. In this case, that window allowed two people to compromise systems supporting dozens of federal agencies in what amounted to minutes of determined effort.
Notable Quotes
The case illustrates how insider threats with technical knowledge, legitimate access, and motivation for revenge can inflict massive damage in minutes— U.S. Department of Justice findings
The Hearth Conversation Another angle on the story
Why did the company not immediately revoke their access when they were fired?
That's the question everyone asks after the fact. The brothers were still logged in, still able to move through systems. It suggests the company's offboarding process wasn't synchronized with termination—a gap that exists in more organizations than you'd think.
And the Teams recording—was that intentional, or pure accident?
Pure accident. Someone started the meeting, delivered the termination, and didn't realize the recording was still active. It's the kind of small operational failure that usually goes unnoticed. This time it became the entire case.
What were they actually trying to accomplish with the AI tools?
They were trying to obscure their activity logs, to make it harder to trace what they'd done and when. But once the forensic work began, the AI obfuscation was almost irrelevant. The Teams recording had already given investigators everything they needed.
Did they think they could actually get away with this?
They must have believed they had some chance, or they wouldn't have done it. But they were operating on incomplete information—they didn't know about the recording. That's what separates this from a more calculated crime.
What happens to the federal agencies now?
They have to rebuild. Ninety-six databases don't restore themselves. The real cost isn't just the data loss—it's the time, the resources, the uncertainty about what was compromised and what wasn't.