Fired Hacker Twins Forget to Stop Teams Recording, Document Their Own Crime
Twin hacker brothers recorded their plan to delete U.S. government databases on Microsoft Teams after being fired, inadvertently documenting their crime.
Forgetting to Stop Recording During Teams Meeting
Twin hackers Muneeb Akhter and Sohaib Akhter, 34, who worked for U.S. federal IT contractor Opexus, have been indicted for deleting 96 U.S. government databases after being fired. The key evidence in this case came from a Microsoft Teams meeting where they were informed of their termination. Unbeknownst to them, the recording continued, capturing their conversation about the planned crime.
Hiding Criminal Records Before Employment, Fired After Discovery
The Akhter brothers had previously served time for cybercrimes but concealed their criminal history upon joining Opexus. When the company uncovered their past, it informed them of their termination on February 18, 2025. The termination meeting began at 4:48 PM EST on Microsoft Teams, during which Sohaib initiated the recording. However, after the HR representative left the meeting approximately two minutes and 40 seconds later, the brothers forgot to stop the recording.
Detailed Criminal Planning Captured on Teams
The recording continued for an hour, documenting the brothers’ conversation about accessing their former employer’s system via VPN to delete databases. For instance, Sohaib asked, “Are we still connected? Is the VPN still active?” to which Muneeb replied, “There’s a backup, so they can restore it.” Sohaib then asked, “Should we delete all the databases?” and the two were heard discussing the specifics of their plan.
Key Evidence for Prosecutors
The Teams recording became crucial evidence for prosecutors, proving the brothers’ deliberate intent to commit the crime. Despite knowing backups existed, they seemingly calculated that recovery would take time. The incident has highlighted the importance of corporate security measures and employee monitoring practices.
Implications for Corporate Security
In light of this case, companies are urged to immediately revoke system access for employees upon termination and reassess remote meeting recording policies. Strengthening internal threat prevention, especially in remote working environments, has become an urgent priority.
Frequently Asked Questions
- Why were the hacker twins fired?
- They concealed their past cybercrime convictions when joining Opexus. When the company discovered their criminal history, they were terminated.
- How did the Teams recording become evidence of the crime?
- The twins started recording the termination meeting but forgot to stop it, inadvertently capturing their conversation about deleting databases, which prosecutors used as evidence.
- What can companies learn from this incident?
- Companies should ensure thorough background checks, immediately revoke access upon termination, and establish clear policies for recording remote meetings.
Comments