Fired IT Twins Forgot to Stop Teams Recording, Caught Themselves
Key Takeaways
- The Akhter twins deleted 96 US government databases within an hour of being fired from federal IT contractor Opexus
- Prosecutors obtained a verbatim transcript because the brothers forgot to stop the Teams recording from their termination meeting
- The recording captured them discussing whether backups existed and consulting AI on how to cover their tracks
When federal prosecutors charged twin brothers Muneeb and Sohaib Akhter with deleting 96 US government databases, one detail puzzled observers: the government had a word-for-word transcript of everything the twins said during their hour-long deletion spree.
The brothers lived together in Arlington, Virginia. They were chatting in the same room, not texting. So how did investigators capture the audio? Secret surveillance software? FBI agents with microphones? Corporate spyware?
The answer is simpler and more absurd. The twins recorded themselves. By accident. Because they forgot to stop the Microsoft Teams meeting from their termination call.
The Termination That Kept Recording
On February 18, 2025, two HR employees from Opexus, a federal IT contractor, scheduled a Teams meeting with both brothers. Opexus had just discovered that Muneeb and Sohaib had both previously served prison time for cyberfraud. The company was firing them.
Sohaib started recording the meeting at 4:48 PM Eastern. The HR personnel left the call about two minutes and 40 seconds later. But the recording kept running.
According to court documents, the twins apparently did not realize the meeting was still capturing audio. For the next hour, as they systematically deleted government databases, Teams recorded everything.
What the Recording Captured
The government's court filing includes snippets of the brothers' conversation. The exchanges sound less like criminal masterminds and more like people who did not think through what they were doing.
“Still connected? Still on the VPN?”
— Sohaib Akhter, captured on Teams recording
The recording shows Sohaib asking if they should delete all the databases. Muneeb's response: "Eh, they can recover them...backups, I'm pretty sure."
When Sohaib asked about daily backups, Muneeb confirmed with "Yup." The brothers then discussed whether to negotiate severance or proceed with their plan. The transcript cuts off, but the damage was already documented.
AI Could Not Save Them
The brothers reportedly asked AI tools how to cover their tracks. This did not work. Whatever suggestions they received, the fundamental problem remained: they had recorded themselves committing the crimes.
The Akhter twins were not new to cybercrime. Both had previously served prison sentences for cyberfraud. But this incident suggests their technical skills exceeded their operational security awareness by a wide margin.
The Court Filing Nobody Wanted to Read
This information comes from a court document titled "United States' Response in Opposition to Defendant's Motion to Revoke the Detention Order." That name practically begs readers to skip it. But the filing contains the most detailed account of how investigators obtained evidence against the twins.
The case remains ongoing. The brothers face federal charges for the database deletions. The accidental recording forms a central piece of the prosecution's evidence.
Logicity's Take
What This Means for IT Security
The hour-long window between termination and database deletion points to a gap in Opexus's offboarding process. Standard practice is to revoke system access before or simultaneously with termination notification. The twins retained VPN access long enough to cause significant damage.
Federal contractors handling government data face strict security requirements. This incident will likely prompt reviews of access termination procedures across similar organizations.
Frequently Asked Questions
How did investigators get a recording of the twins deleting databases?
Sohaib Akhter recorded the termination meeting via Microsoft Teams and forgot to stop the recording. It captured the next hour of conversation as the brothers deleted government databases.
How many databases did the Akhter twins delete?
The brothers deleted 96 US government databases in the hour after being fired from federal IT contractor Opexus.
Why were the twins fired from Opexus?
Opexus discovered that both brothers had previously served prison time for cyberfraud and terminated their employment.
Did the twins try to cover their tracks?
According to reports, they consulted AI tools for advice on hiding their activities. This did not help, given they had already recorded themselves committing the crimes.
Another recent case of IT infrastructure security vulnerabilities requiring immediate attention
Need Help Implementing This?
Source: Ars Technica
Manaal Khan
Tech & Innovation Writer
Related Articles
Browse all
Robotaxi Companies Are Hiding How Often Humans Take the Wheel
Autonomous vehicle firms like Waymo and Tesla are under scrutiny for refusing to disclose how often remote operators step in to control their self-driving cars. A Senate investigation reveals major gaps in transparency, raising safety and accountability concerns.
Wisconsin Governor Throws a Wrench in Age Verification Plans
Wisconsin Governor Tony Evers has vetoed a bill that would have required residents to verify their age before accessing adult content online, citing concerns over privacy and data security. This move comes as several other states have already implemented similar age check requirements. The veto has significant implications for the future of online age verification.
Apple's App Store Empire Under Siege: The Battle for the Future of Tech
The long-running feud between Apple and Epic Games has reached a boiling point, with Apple preparing to take its case to the Supreme Court. The tech giant is fighting to maintain control over its App Store, while Epic Games is pushing for more freedom for developers. The outcome could have far-reaching implications for the entire tech industry.
Tesla's Remote Parking Feature: The Investigation That Didn't Quite Park Itself
The US auto safety regulators have closed their investigation into Tesla's remote parking feature, but what does this mean for the future of autonomous driving? We dive into the details of the investigation and what it reveals about the technology. The National Highway Traffic Safety Administration found that crashes were rare and minor, but the investigation's closure doesn't necessarily mean the feature is completely safe.
Also Read
5 Smart Home Routines That Save Time, Not Just Show Off
Most smart home setups end up as expensive party tricks. A tech journalist shares five automation routines he actually uses daily, starting with a simple smart plug that makes his morning tea while he handles the chaos of getting kids to school.
Cisco SD-WAN Zero-Day Exploited: CISA Orders Patch by May 17
Cisco disclosed a critical authentication bypass flaw in its Catalyst SD-WAN Controller that attackers have been exploiting in the wild. The vulnerability allows attackers to gain administrative privileges and manipulate network configurations. CISA has added it to the Known Exploited Vulnerabilities catalog with a three-day patch deadline.
5 New Shows to Stream This Weekend on Netflix, Paramount+
This weekend brings a Heat-inspired crime thriller to Netflix, the second season of Rivals on Hulu, and new content from Taylor Sheridan's Yellowstone universe. Here's what's worth your streaming time from May 15-17.