From the U.S. Department of Justice:
Two Virginia men were arrested today for their roles in a conspiracy to destroy government databases hosted by a federal government contractor, among other crimes.
According to court documents, brothers Muneeb and Sohaib Akhter, both 34, of Alexandria, Virginia, were indicted on Nov. 13 for conspiring to delete databases used to store U.S. government information. Both men were federal contractors. Following the termination of their employment, the brothers allegedly sought to harm the company and its U.S. government customers by accessing computers without authorization, issuing commands to prevent others from modifying the databases before deletion, deleting databases, stealing information, and destroying evidence of their unlawful activities.
The indictment alleges that on or about Feb. 18, Muneeb Akhter deleted approximately 96 databases storing U.S. government information. Many of these databases contained records and documents related to Freedom of Information Act matters administered by federal government departments and agencies, as well as sensitive investigative files of federal government components.
Court documents further allege that approximately one minute after deleting a DHS database, Muneeb Akhter asked an artificial intelligence tool how to clear system logs following the deletion of databases.
According to the indictment, the brothers also discussed cleaning out their house in anticipation of a law enforcement search. The company laptops used by both men were wiped before being returned to the federal contractor.
Muneeb Akhter also allegedly obtained information from the U.S. Equal Employment Opportunity Commission without authorization after he was fired from the contractor. He is further alleged to have stolen copies of IRS information stored on a virtual machine, including federal tax information and other identifying information of at least 450 individuals.
The indictment also charges Sohaib Akhter with trafficking in a password that could access a computer used by and for the government of the United States.
Muneeb Akhter is charged with conspiracy to commit computer fraud and to destroy records, two counts of computer fraud, theft of U.S. government records, and two counts of aggravated identity theft. Sohaib Akhter is charged with conspiracy to commit computer fraud and to destroy records and computer fraud (password trafficking). If convicted, Muneeb Akhter faces a mandatory minimum penalty of two years in prison for each aggravated identity theft count and a maximum penalty of 45 years in prison on the remaining charges. If convicted, Sohaib Akhter faces a maximum penalty of six years in prison.
The FDIC Office of Inspector General (OIG), DHS OIG, and Homeland Security Investigations are investigating the case.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
How Did These Convicted Felons Get Hired by Opexus?
As DataBreaches previously reported, this breach is somewhat stunning for the simple fact that these two previously convicted felons were ever hired by a federal government contractor. That contractor, Opexus, declined to comment as to whether the brothers had undergone any heightened background check. The federal government also declined to comment.
But it gets even worse. Leopold reported:
On Feb. 18, about a year into their Opexus tenure, the brothers were summoned into a virtual meeting with the company’s human resources officials, and terminated. But that was only the beginning.
During their meeting with human resources, Muneeb Akhter still had access to data stored on Opexus servers. He accessed an IRS database from his company issued laptop and blocked others from connecting to it, according to the independent report, which was prepared by Mandiant, a cybersecurity firm owned by Google that was hired to investigate the breach. He also accessed a GSA database and deleted it, the report says.
While still on the virtual meeting with HR, he proceeded to delete 33 other databases, including one that contained documents that held FOIA requests submitted to numerous government agencies, according to the cybersecurity report. A copy of Mandiant’s report was reviewed by Bloomberg News.
More than an hour after being fired, Muneeb Akhter inserted a USB drive into his laptop and removed 1,805 files of data related to a “custom project” for a government agency, the cybersecurity report said.
Does the government still have a contract with Opexus? Well, yes, it appears it does. Some state and local agencies also have contracts with Opexus.