Twin brothers who once rebuilt their careers after prison are now at the center of one of the most damaging insider attacks tied to US government systems in recent years. Federal prosecutors say the pair deleted 96 databases within minutes of being fired from a Washington, DC, tech company that handled software and services for dozens of federal agencies.
The case also shows why many US companies cut off employee access before layoffs become official. It may feel cold, but security teams know that a fired worker with active credentials can become a major threat.
According to prosecutors, brothers Muneeb and Sohaib Akhter had a long history with computer crime. In 2015, both pleaded guilty in Virginia to fraud and computer-related charges. Muneeb served three years in prison. Sohaib served two. After release, they worked their way back into tech jobs.
Muneeb joined a Washington-area contractor in 2023. The company worked with 45 federal clients. Sohaib joined the same company in 2024.
But investigators say the brothers soon returned to criminal activity.
From Fired to Federal Charges: The 60-Minute Database Deletion
Court records claim that Muneeb collected more than 5,400 usernames and passwords from company systems. He then built Python scripts to test those credentials on outside services. One script, called “marriott_checker.py,” tried the stolen logins against hotel accounts. Other accounts included airline and DocuSign services.
Prosecutors say Muneeb used some of the accounts for personal gain. In several cases, he booked airline travel using reward miles from compromised accounts.
The company appears to have learned about the brothers’ criminal history in February 2025. On February 18, both men were called into a Microsoft Teams meeting and fired.
The meeting ended at 4:50 p.m.
Five minutes later, Sohaib tried to log into the company network. His access had already been disabled. Muneeb’s account, however, still worked.
What followed became the core of the federal case.
At 4:56 p.m., prosecutors say Muneeb accessed a government database maintained by the company. He locked out other users and issued commands to delete the system.
Two minutes later, he allegedly deleted a Department of Homeland Security database using the command “DROP DATABASE dhsproddb.”
At 4:59 p.m., he turned to an AI tool for help. Prosecutors say he asked questions about clearing SQL server logs and wiping Windows Server event logs after database deletions.
Within an hour, investigators say Muneeb deleted about 96 databases tied to US government information systems. He also copied 1,805 files linked to the Equal Employment Opportunity Commission onto a USB drive and downloaded federal tax records belonging to at least 450 people.
A Brother’s Betrayal and the Raid in Alexandria
During the attack, the brothers discussed the damage in real time. “I see you cleaning out their database backups,” Sohaib reportedly told Muneeb.
When the number of deleted systems grew, Sohaib warned him to keep “plausible deniability.”
Muneeb seemed calm about the destruction. He said the company could recover data from backups created the previous day.
The conversation soon shifted to more aggressive ideas.
“Delete their filesystem as well?” Sohaib suggested. “Smart idea,” Muneeb replied.
At one point, Sohaib suggested blackmail. Muneeb rejected the idea, saying it would create proof of guilt. The two also argued about whether they should target the company’s customers.
As the attack continued, Sohaib predicted that federal agents would raid their home.
He was right.
Three weeks later, federal agents searched Sohaib’s home in Alexandria, Virginia. Investigators seized computers, storage devices, seven firearms, and hundreds of rounds of ammunition. Because of his prior felony conviction, prosecutors say Sohaib was banned from possessing weapons.
The brothers were arrested in December 2025.
Muneeb later signed a plea agreement in April 2026. He admitted to key parts of the case. Sohaib went to trial instead.
The Akhter Brothers and the Federal Crackdown on Gov-Tech Fraud
On May 7, 2026, a jury found Sohaib guilty of conspiracy to commit computer fraud, password trafficking, and illegal firearm possession. He is scheduled for sentencing in September.
The case looked finished. Then Muneeb began filing handwritten letters from jail.
In one note to the judge, he said he felt pressured into signing the plea deal and claimed he stood with his brother “in his innocence.” In another filing, he argued that accessing DocuSign accounts did not involve anything “of value.”
He did not dispute the database deletions.
Muneeb also asked to represent himself in court. Legal experts often view that move as risky in federal criminal cases. Still, defendants with technical skills sometimes believe they can outmaneuver prosecutors on their own.
For the Akhter brothers, that confidence has already led to one federal conviction, one guilty plea, and a case that now stands as a sharp warning about insider threats in government tech systems.
