Article Details

Original Article Text

Twins who hacked State Dept hired to work for gov again, now charged with deleting databases

And then they asked an AI to help cover their tracks.

Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they're fired. Prosecutors say a federal contractor learned this the hard way when twin brothers previously convicted of hacking-related offenses allegedly used lingering access to delete nearly 100 government databases, including systems tied to Homeland Security and other agencies, within minutes of being terminated. The siblings allegedly hatched the plan during the call in which they were being fired, and asked an AI to help them cover their tracks.

Brothers Muneeb and Sohaib Akhter, both 34, of Alexandria, Virginia, were indicted on November 13 for conspiring to delete databases used to store US government information.

They both worked as federal contractors for a company that's identified as "company 1" in the court documents [PDF]. According to an earlier Bloomberg report, it's Opexus, a Washington-based firm that provides software and services to federal agencies and developed the Freedom of Information Act request portal, FOIAXpress.

An Opexus spokesperson emailed The Register the following statement:

The security of our customers' information is our highest priority and we are thankful that these individuals are being held accountable. We will continue to fully support the process as it moves forward, just as we have supported our customers since the incident occurred. We have learned a great deal from this incident and have taken meaningful steps to strengthen the security of the information we handle now and, in the future, and we remain committed to supporting our customers' critical needs with best-in-class security and service.

Soon after Opexus fired the brothers, the two "sought to harm Company-1 and its US government customers by accessing computers without authorization, write-protecting databases, deleting databases, stealing information, and destroying evidence of their unlawful activities," the indictment alleges. "When the Defendants did not know the database commands necessary to accomplish their unlawful objectives, they used an artificial intelligence tool to help them."

The company fired the men around 1650 on February 18, and five minutes later, Sohaib allegedly tried to break into Opexus' network, but failed because his VPN had been deactivated and his Windows account disabled, the court documents say. Muneeb, however, was still connected to the company network and at about 1656 allegedly accessed a government agency database, issued commands to prevent other users from connecting or making any changes to the database, and then deleted it.

In total, the feds claim Muneeb deleted 96 databases storing US government information. Many of these contained records and documents related to Freedom of Information Act matters, as well as sensitive investigative files of federal government departments and agencies.

After allegedly deleting a Homeland Security production database, Muneeb then asked an AI: "how do i clear system logs from SQL servers after deleting databases," according to the court documents. Soon after, Sohaib allegedly said, "they're gonna probably raid this place," to which Muneeb replied, "I'll clean this shit up." The indictment says Sohaib responded, "We also gotta clean stuff up from the other house, man." Muneeb then allegedly asked the AI: "how do you clear all event and application logs from Microsoft windows server 2012."

Muneeb is charged with conspiracy to commit computer fraud and to destroy records, two counts of computer fraud, theft of US government records, and two counts of aggravated identity theft. Sohaib is charged with conspiracy to commit computer fraud and to destroy records and computer fraud (password trafficking).

If convicted, Muneeb faces a mandatory minimum penalty of two years in prison for each aggravated identity theft count and a maximum penalty of 45 years in prison on the remaining charges, while Sohaib faces a maximum penalty of six years in prison. Both men appeared in court on Wednesday, remain in custody, and have detention hearings scheduled for Friday.

The brothers pleaded guilty in 2015 to federal charges related to hacking the US State Department and a cosmetics company.

Back in 2015, according to the DOJ, Sohaib was a contractor working at the State Department when he accessed personally identifiable information belonging to his coworkers and others, including agents investigating him. In 2013, Muneeb was a contractor for a data aggregation company and used pilfered data to help his business win lucrative federal contracts.

After breaching the cosmetics company and stealing thousands of its customers' credit card and personal information, the brothers used the credit cards to purchase flights, hotel reservations, and attendance at professional conferences. Muneeb also provided the stolen data to another criminal who sold it on the dark web, while giving Muneeb a cut of the profits. For these earlier crimes, Muneeb was sentenced to 39 months in prison and Sohaib was sentenced to 24 months.

Opexus did not say why it fired the brothers, but an email published by Bloomberg that Sohaib allegedly sent to other employees during the incident strongly implies that the pair were terminated after their prior crimes came to light.

"Opexus/CasePoint hires Uncleared personnel to work with your data; I was one of these uncleared personnel. The databases are insecure, using the same username and password to be accessed by all. They fired me because some of you determined I was unfit to deal with your data," Sohaib allegedly wrote.

Daily Brief Summary

CYBERCRIME // Twin Brothers Indicted for Deleting Government Databases Post-Termination

Twin brothers, Muneeb and Sohaib Akhter, were indicted for allegedly deleting nearly 100 government databases after being terminated from a federal contractor position.

The databases included sensitive information related to the Department of Homeland Security and Freedom of Information Act matters.

The brothers allegedly used artificial intelligence tools to assist in covering their tracks by deleting system logs and other evidence.

The incident occurred within minutes of their termination, exploiting lingering access due to insufficient deactivation measures.

Opexus, the contractor involved, has stated its commitment to strengthening security measures following the breach.

The brothers had prior convictions for hacking-related offenses, raising questions about vetting and access control for sensitive roles.

Legal proceedings are underway, with potential penalties including significant prison time for both individuals if convicted.

The case underscores the critical need for robust access management and immediate revocation of credentials upon employee termination.
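
The timeline in the article shows two different outcomes: new logins were refused at 1655, while a connection that was already open was still usable at 1656. The check below separates those cases in session logs. It is an added example, not part of the original article or the court documents; the account names, session ids, event kinds and the placeholder date are constructed for illustration.

```python
from datetime import datetime

# Constructed offboarding records and log events; the date is a placeholder.
TERMINATED = {
    "contractor_a": datetime(2000, 1, 1, 16, 50),
    "contractor_b": datetime(2000, 1, 1, 16, 50),
}
EVENTS = [  # (time, account, session id, event kind)
    ("2000-01-01T09:02:00", "contractor_b", "vpn-17", "session_start"),
    ("2000-01-01T16:55:00", "contractor_a", None, "auth_denied"),
    ("2000-01-01T16:56:00", "contractor_b", "vpn-17", "db_command"),
    ("2000-01-01T16:58:30", "contractor_b", "vpn-17", "db_command"),
    ("2000-01-01T17:10:00", "staff_c", "vpn-40", "db_command"),
]

def post_termination_findings(events, terminated):
    """Flag activity by offboarded accounts after their termination time.

    Denied logins are counted as the control working. Anything else is a
    finding, labelled by whether the session predates the termination
    (a live session that was never killed) or was opened afterwards
    (the account itself was not disabled).
    """
    session_start, blocked, findings = {}, 0, []
    for ts, account, session, kind in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "session_start":
            session_start[session] = when
        cutoff = terminated.get(account)
        if cutoff is None or when <= cutoff:
            continue  # not offboarded, or activity before termination
        if kind == "auth_denied":
            blocked += 1
            continue
        started = session_start.get(session)
        if started is None:
            gap = "session_start_not_logged"
        elif started <= cutoff:
            gap = "stale_session"
        else:
            gap = "account_still_enabled"
        findings.append({"account": account, "session": session, "kind": kind,
                         "gap": gap,
                         "seconds_after": int((when - cutoff).total_seconds())})
    return blocked, findings

if __name__ == "__main__":
    blocked, findings = post_termination_findings(EVENTS, TERMINATED)
    print(f"blocked logins after termination: {blocked}")
    for finding in findings:
        print(finding)
```

A stale_session finding means that disabling the account did not end access: the offboarding procedure also has to terminate live VPN and database sessions.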