Federal Contractors Charged with Attempted Data Theft and Destruction

Criminal data theft charges have been filed against twin brothers employed as federal contractors, writes Sergiu Gatlan in BleepingComputer. Muneeb and Sohaib Akhter are accused of conspiring to steal sensitive information following their termination.

The Department of Justice says that the brothers exploited their contractor access to interfere with US government systems and destroy government databases.

The Akhter brothers have a prior criminal history involving unauthorized access to US State Department systems. They were sentenced to several years in prison in June 2015 after pleading guilty to data theft of co-workers’ personal information and breaches of private-sector targets.

After serving prison sentences, both were rehired as contractors. They now face new indictments that include computer fraud and aggravated identity theft. Prosecutors allege that their post-employment actions included wiping databases, preventing modifications to targeted systems, and removing evidence from both electronic devices and personal property.

According to court documents, Muneeb Akhter allegedly deleted approximately 96 databases containing sensitive US government information, including records subject to the Freedom of Information Act and investigative files from multiple federal agencies. Reports indicate that he sought technical guidance from an artificial intelligence tool to erase system logs after deletions.

The brothers also reportedly stole federal tax data, Equal Employment Opportunity Commission information, and other proprietary government records. Both men are charged with multiple counts that carry significant potential prison sentences if convicted.

Muneeb Akhter faces a minimum of two years in prison for each aggravated identity theft count, and up to 45 years on other charges. Sohaib Akhter, charged with conspiracy to commit computer fraud and password trafficking, could face up to six years in prison if convicted.

Legal teams can look to the case as an example of what happens if cybersecurity protocols and access monitoring are lax. Post-employment controls in federal contracting arrangements were clearly lacking as well.