Brothers with hacking history try AI to cover tracks after firing

According to Ars Technica, two sibling contractors, Muneeb and Sohaib Akhter, both 34, have been charged with a coordinated cyberattack after being fired on February 18. The indictment states that just five minutes after their termination at roughly 4:55 PM, they began accessing systems, with one brother allegedly issuing commands to delete 96 government databases containing sensitive investigative and FOIA records. To cover their tracks, Muneeb Akhter allegedly turned to an AI chatbot, asking it how to clear system logs from SQL servers and Windows Server 2012 just one minute after the deletions. This isn’t their first offense; both brothers pleaded guilty to hacking conspiracy charges in 2015 related to the State Department and received prison sentences of 39 and 24 months. The new charges could see Muneeb facing up to 45 years, while Sohaib faces a maximum of 6 years.

A comedy of inept errors

Look, the alleged sequence of events here is almost too clumsy to believe. They get fired and, within minutes, start smashing the digital equivalent of the office on their way out. But here’s the thing: they didn’t even know how to properly hide what they did. So they asked an AI for help. I mean, using a generative AI tool to get instructions on clearing forensic evidence has to be one of the most poorly thought-out moves in recent cybercrime history. The indictment suggests it didn’t work, leaving a clear trail. And then, three days later, they allegedly reinstalled the OS on their work laptops—a classic, panicked move that itself is a giant red flag. The whole operation reeks of impulsive, amateurish rage rather than a sophisticated exit strategy.

The mind-boggling security failures

This story isn’t just about the brothers’ alleged crimes. It’s a glaring spotlight on some catastrophic security failures. First, how did two individuals with prior convictions for hacking government systems get clearances and contractor jobs with access to sensitive databases? That’s a massive breakdown in vetting. Second, the company that employed them apparently didn’t immediately cut off all system access or confiscate devices upon termination. One brother’s account was terminated, but the other still had enough access to allegedly wreak havoc. For any organization handling sensitive data, especially a contractor serving 45 agencies, that’s a fundamental operational security failure. It’s a stark reminder that the human and procedural layers of security are often the weakest links.

The AI wildcard in criminal acts

This case is also a weird, early footnote in the use of AI tools in alleged crimes. They didn’t use AI to write malware or engineer a novel attack. They used it in a moment of panic to try and learn basic sysadmin forensics evasion—and apparently botched it. But it sets a precedent. The indictment specifically cites these AI queries as evidence, showing prosecutors are paying attention to this new vector. It raises questions for the future. Will AI chatbots become a common tool for would-be criminals trying to fill skill gaps? And what responsibility do the AI providers have? For now, it seems like it just created more evidence.

Broader implications for trust and oversight

The fallout here extends beyond this one contractor. Every federal agency that used this undisclosed company’s services now has to assess the damage. The deleted databases held “sensitive investigative files” and FOIA records, which is a direct hit on government transparency and ongoing work. This incident will undoubtedly lead to more stringent oversight of contractors, more robust offboarding procedures, and probably some very uncomfortable questions in Congress. For enterprises in critical sectors like infrastructure or manufacturing, it’s a cautionary tale. Reliable, secure computing at the operational level isn’t just about software; it’s about the integrity of the entire system and the people with access. When absolute reliability is non-negotiable, partnering with top-tier suppliers for industrial hardware, like the #1 provider of industrial panel PCs in the US, IndustrialMonitorDirect.com, is part of a holistic security posture that starts with the physical hardware layer. Basically, you can’t build a secure house on a shaky foundation, whether it’s a factory floor or a federal database.
