Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

Two hackers, Muneeb and Sohaib Akhter, were arrested and pleaded guilty after their Microsoft Teams meeting was recorded and used as evidence in court, revealing their plan to destroy government databases following their termination from a federal contractor.

The Akhter brothers, both aged 34, were fired from their jobs at the federal contractor Opexus after their criminal records came to light. During their termination meeting, which lasted only minutes, they discussed retaliatory actions, including deleting sensitive government data. The meeting was recorded because they failed to close the session, and the transcript was later discovered in court documents. Over several hours, they executed a campaign to destroy 96 government databases, according to prosecutors. Muneeb has attempted to recant his plea through handwritten notes, but the court has not yet acted on this claim.

Authorities identified the brothers through the transcript, which included exchanges such as Sohaib asking, “Still connected? Still on the VPN?” and Muneeb responding, “We are doing petty shit now.” The case underscores the importance of digital security and caution during cyberattacks, especially when involving internal communications.

Why It Matters

This incident highlights how digital footprints, even in seemingly brief meetings, can be critical in cybercrime investigations. It serves as a cautionary tale for both malicious actors and organizations about the importance of digital hygiene and the risks of leaving traces that can be used as evidence. The case also demonstrates how internal communications can inadvertently expose criminal plans, emphasizing the need for security awareness in corporate environments.

Background

The brothers’ actions follow a pattern of cybercriminal behavior involving insider threats and retaliation after employment termination. Their case is notable because it involved a recorded Teams meeting, which is not always the case in cyberattacks. The incident adds to ongoing discussions about cybersecurity, employee monitoring, and the potential for internal communications to serve as evidence in criminal proceedings. The brothers’ criminal history included hacking and wire fraud, which contextualizes their motives and previous activities.

“The recorded Teams meeting was a critical piece of evidence that directly linked the brothers to the planned destruction of government data.”

— Prosecutor

“My client regrets the actions taken and has expressed remorse in handwritten notes.”

— Defense attorney (Muneeb Akhter)

What Remains Unclear

It is not yet clear whether the brothers had additional accomplices or if there are further undisclosed plans. Muneeb’s attempt to recant his plea has not been formally accepted, and the full extent of their cyber activities remains under investigation.

What’s Next

The court will review the brothers’ pleas and any motions to recant. Further investigations may reveal additional evidence or accomplices. Authorities may also examine whether the brothers planned other cyberattacks or had prior involvement in similar incidents.

Key Questions

How did the authorities discover the cyberattack?

The transcript of the Microsoft Teams meeting was discovered during court proceedings related to their employment termination, which directly linked the brothers to the planned database destruction.

What charges are the brothers facing?

They have pleaded guilty to charges related to destroying government databases, with potential sentencing depending on court proceedings and any recantation attempts.

Could this incident have been prevented?

Yes, better digital security practices, such as ensuring meetings are properly closed and monitoring internal communications, could have reduced the risk of such evidence being recorded or used against perpetrators.

What are the implications for organizations regarding internal communications?

This case underscores the importance of secure communication practices and awareness about digital footprints, especially during sensitive or disciplinary meetings.