The curious case of twin hackers accused of erasing US government databases

The Department of Justice’s case against two Virginia brothers shines a spotlight on insider threats as two convicted hackers allegedly managed to slip back into federal systems and erase years of government data.

Virginia twins Muneeb and Sohaib Akhter were arrested on Wednesday for allegedly wiping dozens of US government databases.

They have not been convicted, and both men are presumed innocent. However, their arrests raise questions about how two contractors with past hacking convictions were able to work for a firm that handles government records and Freedom of Information Act (FOIA) requests.

According to the US Department of Justice (DOJ), the brothers abused their roles as federal contractors to delete almost 100 databases storing government information. The alleged incidents occurred in February this year and were brought to light after a Bloomberg News investigation in May.

Acting assistant attorney general Matthew R.Galeotti of the Justice Department’s Criminal Division said on the department's website:

“These defendants abused their positions as federal contractors to attack government databases and steal sensitive government information.”

“Their actions jeopardized the security of government systems and disrupted agencies’ ability to serve the American people.”

Prosecutors state that many of the databases the brothers are accused of wiping contained “records and documents related to Freedom of Information Act matters,” as well as “sensitive investigative files of federal government components”.

Court documents further allege that only a minute after deleting a database, Muneeb Akhter asked an artificial intelligence tool how to clear system logs following the deletion of databases, including: "how do i clear system logs from SQL servers after deleting databases” and later, “how do you clear all event and application logs from Microsoft windows server 2012."

[A small side note here: Microsoft hasn’t supported Windows server 12 OS since 2023].

Muneeb is also accused of obtaining information from the Equal Employment Opportunity Commission and stealing IRS data, including federal tax records of at least 450 people.

Sohaib is charged with trafficking in a password that could access a government computer.

While the charges suggest serious misuse of privilege, the accused were not foreign infiltrators but contractors with criminal histories who regained access to sensitive systems.

Their case raises broader questions about background vetting and insider-threat vulnerabilities across government and private-sector systems.

From high potential to jailtime

Both brothers began as promising technical talents, graduating from George Mason University in 2011 at age 19.

According to The Washington Post, which reported on the brother’s earlier 2015 offenses, they built a “partybot” that entertained fellow students, and their skills soon drew attention from parts of the US cyber-defense community.

After graduation, they received a $200,000 grant from the Defense Advanced Research Projects Agency (DARPA) to work on cyberdefense challenges.

However, by this time Muneeb had already been boasting about exploiting a gift-card vulnerability — conduct he later described as motivated by curiosity rather than criminal intent. But the pattern escalated.

In 2015, Federal prosecutors said that the twins had hacked a cosmetic company, stolen thousands of credit card numbers, and used their access to book flights and hotels.

Muneeb also resold the stolen information on the dark web.

They additionally accessed confidential passport and visa data, including information on a federal investigator examining their case. Following their trial, the brothers were found guilty. Muneeb received three years in prison while Suhaib received a two and a half year sentence.

Hired by FOIA software contractor

How the brothers regained access to federal systems years after their convictions remains a central issue.

After serving their sentences, they returned to technical work. Public work histories indicate Muneeb — who sometimes uses the name “Mickey”— worked for a major bank and a defense contractor. Sohaib held a role as a technical writer for a small Virginia telecom firm.

Nearly a decade after their convictions, the brothers were hired in 2023 by a government contractor referred to in court filings as “Company 1” and identified by Bloomberg as Opexus. The firm supplies software used by hundreds of federal agencies for FOIA processing, investigations, audits, and compliance tracking. Their roles reportedly provided broad system access.

Bloomberg reported that hiring and clearance checks did not flag their past convictions until the brothers had been on the job for months.

Sohaib told Bloomberg he was hired on a contingency basis, expecting security clearances that he says never materialised, leading to frequent reassignment. According to the reporting, another agency eventually noticed their prior history and alerted Opexus, which then began termination procedures.

Opexus has told us that since the brothers' arrest it has improved its vetting processes and implemented additional safeguards. You can read its full response to these events at the end of this story.

The alleged breach

The indictment describes the event of February 2025 as a coordinated insider attack.

“The brothers sought to harm the company and its US government customers by accessing computers without authorization, issuing commands to prevent others from modifying the databases before deletion, deleting databases, stealing information, and destroying evidence of their unlawful activities.”

Department of Justice

Immediately after being told of their termination, the brothers allegedly logged back into Opexus systems using still-active credentials.

They are accused of erasing more than 90 government databases, deleting logs, and copying files to removable media. Agencies relying on Opexus — including the IRS, DHS, and EEOC — reportedly lost years of records.

Prosecutors have not alleged that the brothers profited financially. One of the siblings allegedly emailed dozens of government employees afterwards, portraying Opexus as insecure — though the intent behind the message remains unclear.

The consequences for agencies were immediate: delayed investigations, lost public records, potential exposure of sensitive information, and a scramble for backups that, in some cases, did not exist.

If convicted on all counts, the DOJ states that Muneeb faces a maximum 45 years in prison and Sohaib up to six years.

An Opexus spokesperson issued Cybernews with the following statement:

We are grateful for the actions of law enforcement in this matter. The security of our customers’ information has always been our highest priority, and we appreciate that those responsible are being held accountable.

While these individuals passed background checks at the time, this incident made clear that our screening protocols needed to be even more robust. We have since enhanced our vetting processes and implemented additional safeguards designed to strengthen the protection of the systems and information we manage.

We continue to fully support the ongoing law enforcement process, just as we have supported our customers throughout this incident. OPEXUS remains firmly committed to delivering the highest standard of security and service to meet our customers’ critical needs.

Opexus

---

Unlock exclusive Cybernews content on YouTube