> On March 12, 2025, a search warrant was executed at Sohaib’s home in Alexandria. Agents grabbed plenty of tech gear but also turned up seven firearms and 370 rounds of .30 caliber ammunition. Given his former crimes, Sohaib should have had none of this.
For god's sake, don't commit crimes while you're committing crimes.
I'm just amused how these people were even hired to begin with? They don't seem to be Americans? How were they even allowed to work on sensitive systems? Why was this even allowed? So many questions.
At 4:58 pm, he wiped out a Department of Homeland Security database using the command “DROP DATABASE dhsproddb.”
At 4:59 pm, he asked an AI tool, “How do i clear system logs from SQL servers after deleting databases?” He later asked, “How do you clear all event and application logs from Microsoft windows server 2012?”
In the space of a single hour, Muneeb deleted around 96 databases with US government information.
> At 4:58 pm, he wiped out a Department of Homeland Security database using the command “DROP DATABASE dhsproddb.”
This article is hilarious. The two bickering brothers remind me of the guys in the Oceans movies played by Casey Affleck and Scott Caan. It’s amazing they got this close to sensitive data.
About 25 years ago we had a layoff at a company I worked for. One of the DBAs got fired along with others. Back in the day they didn't revoke access and you had your work computer available until the end of the day. Most, who were fired, just packed and went on their way.
The fired DBA however, stayed behind and finished backing up the databases he was assigned to back up.
Once the job was done, he packed and left.
True story!
I don’t know where to start with this other than to point out that there is no way in hell these two clowns had the security clearance necessary to access a prod DB at DHS. I can only assume they stole creds from another employee who had that level of clearance. Also, tax records are not stored in a DHS domain.
I think this story has been sanitized to mask some details which is ok I guess but I ain’t buying the back story.
> it does follow from the simple fact that a fired employee with access to company systems is a security risk.
No, employees that can wipe 96 databases are a security risk, even when they're employed. But of course it's easier to go the inhumane route of cutting everything off at employment end rather than fix it properly
How did they get access to 5k passwords? Are they being sent/stored in cleartext? This is the most baffling part of the article for me.
The second part I'm unclear about is how you could pass SOC2 when you aren't terminating account access simultaneously with the employment termination.
I have no problem with my credentials being revoked everywhere before I know about a layoff. I don't really care how I learn about it, just please don't make me come in to the office.
I wonder if their stellar academic record is due to the same shenanigans? Given that they were caught manipulating logs and deleting evidence to cover their tracks in 2025, that they did the same to their academic records is technically plausible.
In 2011, university systems like George Mason’s were significantly more vulnerable to the exact type of SQL injection and credential theft they were using in their early criminal years.
He may be a bad person but he has a very pretty handwriting.
In my company there were layoffs recently. People had access to production database due to support requests, as we're a young company, so no least-privilege rules were applied yet. Nobody did anything bad. People knew what was going to happen, but no retaliation happened. First, I guess, to not have any problem with law, to pursue the next job without burdens. Things are traceable. Second, why? Why should I destroy my colleagues' work?
Look, the US government (and I'm sure many others) is so inept at basic software construction I can only view this as a good thing. I presume thousands of previous penetrations were simply not so trivially detected.
> Muneeb and Sohaib Akhter, now both 34, had been in trouble before. Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.
After their stints in jail, the brothers worked their way back into the tech world. In 2023, Muneeb got a job with a Washington, DC, firm that sold software and services to 45 federal clients; Sohaib got a job at the same company a year later.
What in the actual fuck. I'm all for giving people second chances. But maybe some ringfencing?
Nice handwritings, though.
Sidenote I love that the DHS prod DB is called “dhsproddb”.
prosecute the company too.
storing passwords in plaintext should be prosecuted & having unlimited access to customer databases.
A true professional always makes sure to leave their workspace completely spotless before going home
> Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter.
WTF?
> “Delete their filesystem as well?” he said.
> “Smart idea,” said Muneeb.
Seems obvious they weren't destroying databases just out of malice (i.e. retribution for being fired), but in order to cover up something/s..
This whole story is just line after line of utter incompetence.
The "after they were fired" sounds catchy, but isn't even the biggest failure.
This organization shouldn't be permitted anywhere near government, or any non-public, data/information.
Claude: drops production zone with the database and backups
Meatbags: hold my beer...
Dumb and dumber. Criminals just can't stop doing crimes (the password stuff, the gun stuff, etc, etc).
It’s crazy that people are desperate for jobs and these clowns get hired.
> On Feb. 1, 2025, Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter. That password was subsequently used to access that individual’s email account without authorization.
It should be a federal crime with prison time to make a DB for a federal agency and not hash and salt passwords or other auth credentials.
How on earth did someone previously convicted of what sounds like hacking get job access to so many prod government databases? Wild that it took them so long to get caught.
The handwriting was very solid.
Some good handwriting
so, apparently, the passwords were stored in cleartext.
> In the US, fired and laid-off workers often have their digital credentials deactivated before they learn about the loss of their jobs; indeed, the inability to log in to a corporate system may be the first an employee knows of the situation.
They still can install traps that detonate if they are fired. A simple cron job is enough to wreak havoc.
Hire ethical people.
These are the cases why I understand HR kicks people out immediately during a layoff. But then the employee cries inhumanity and desires that they have access for weeks, when they no longer need to. It’s a risk that’s proven unwise. Blame the layoff, not the access revocation
This is very surprising that they would pass a background check. I've been denied an offer because of a low credit score multiple times.
Dude gets A++ on penmanship, seriously someone should make a font.
> While this was going on, the brothers held a running conversation. (The government is not clear about whether this took place over text, instant message, or in person.)
Explain to me how we can have a transcript of a conversation without knowing whether it was in person or not. I'm baffled by this sentence.
Deleting data like that is a crime investigated by the FBI. In a very sad story, a brilliant former coworker made a mistake of deleting data after leaving employment and ended up in prison. Brilliant guy, momentary mistake. Overzealous employer.
Asked for the plaintext password, and then his brother made a “database query on the EEOC database and then provided the password”.
I wonder how many government dbs store passwords in plaintext…
Also, these guys sound like sociopaths. I bet some of their peers felt constant discomfort and threat just being near them.
This makes sense but also an employee who is dishonest is also a security risk; fired or not.
It's ridiculous that companies don't seem to care about ethics. They never seem to select candidates based on proven ethics. They don't even ask any such questions.
For example, I've been in at least 2 situations where I had the ability to inflict major damage to companies which had treated me very poorly and I could have legally gotten away completely whilst doing variants of 'the wrong thing' and profiting but I didn't do it because I have principles. Unfortunately it seems that few people do nowadays. Leaders are fooling themselves if they think they can completely factor out ethics and make it all about aligning incentives. Incentive alignment creates its own problems as this alignment requires constant maintenance and it's both expensive and detrimental in the long run. These people will tend to sabotage every aspect of their responsibilities which isn't directly measured... In order to gain leverage. It's not clever. It's crooked. Should not be rewarded.
My experience as a software developer is that managers always have lots of blind spots and the wrong people will take advantage of all of them, even when it negatively impacts the company.
The penmanship of the guy is extremely neat, like, uncannily so
imagine the delete-fest the current whitehouse is going to do in a few years
all with pardons waiting so they can't be convicted
they might not even wait a few years
Oh no, the workers have power!
> [Opexus] said that “the individuals responsible for hiring the twins are no longer employed by Opexus.”
Getting close to the classic Monty Python line: "Those responsible for sacking the people who have just been sacked, have been sacked."
Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately, (b) never give second chances to anyone with any sort of criminal record (even say decades old marijuana possession or something).
I'd prefer a more balanced version: limit unilateral access to sensitive systems in general (not just of recently-fired employees), when someone is fired immediately shut off particularly sensitive credentials if they do exist (but not their general-purpose login/email account), avoid hiring people convicted of wire fraud as sysadmins, hash your @!#$ing passwords, etc.