Muneeb and Sohaib Akhter, twin brothers who deleted 96 US government databases following their dismissal from a federal IT contractor, accidentally recorded their crime spree by neglecting to stop a Microsoft Teams meeting recording initiated during their firing.
- Twins erased nearly 100 US government databases post-termination
- A Teams meeting recording of their firing continued through their deletions
- Self-recorded evidence played a key role in legal proceedings
What happened
Muneeb and Sohaib Akhter were dismissed in February 2025 as employees of Opexus, a federal IT contractor, after the company discovered their prior convictions for cyberfraud. Shortly after being fired via a Microsoft Teams meeting, during which the session was recorded by one of them, the brothers proceeded to delete massive amounts of government data within the next hour.
Unbeknownst to them, the Teams meeting recording continued running long after the HR personnel had left. This recording captured their real-time discussions and plans to erase databases and access system backups, providing prosecutors with verbatim evidence directly from their own conversations during the criminal activity.
Why it matters
This incident demonstrates how digital communication tools can inadvertently create forensic evidence when not properly managed, especially for insider threats. The twins’ failure to end the Teams recording essentially created a self-incriminating audio and video trail that bolsters the government’s prosecution.
It also highlights risks organizations face with employees who have privileged access combined with poor operational security. Even skilled hackers can be undone by basic human errors, which can provide critical opportunities for investigators to identify and mitigate insider cyber risks.
What to watch next
Investigators and companies alike will be keen to analyze how collaboration and recording tools can function as double-edged swords, both empowering employee communication and potentially exposing wrongdoing. Future case studies may explore policies or technical controls to prevent inadvertent evidence loss or preservation.
Regulators and cybersecurity teams might focus on insider threat detection strategies refined to leverage recordings and communication logs, while ensuring privacy safeguards. Additional developments may emerge around corporate governance procedures for managing terminations to limit post-termination access and damage.