Fired IT workers' Teams blunder exposes federal database sabotage

The moment two brothers realized their IT careers were over, they made a critical error—one that would later hand prosecutors a damning recording of their own admissions. Muneeb and Sohaib Akhter, 34-year-old twin brothers fired from a federal contractor in 2025, thought they could erase their digital tracks after deleting 96 government databases. Instead, they left a Microsoft Teams call active, capturing every word of their hour-long destruction spree.

The recording didn’t just document their actions; it provided federal investigators with a verbatim transcript of their conversation as they dismantled critical infrastructure. What began as a petty crime spree—including stolen airline miles—escalated into a federal case after their employer, Opexus, discovered their prior cyberfraud convictions. The brothers’ attempt to cover their tracks with AI advice only compounded their legal troubles when the unsaved recording became key evidence.

How a Teams call turned into a criminal confessional

Federal prosecutors revealed that the Akhter twins shared a home in Arlington, Virginia, and frequently communicated in person rather than through secure channels. During their final hour at Opexus, they allegedly coordinated the database deletions via a Teams call that remained active long after they thought they had ended the session. The unknowing recording provided investigators with real-time dialogue, including their reactions to Opexus’ IT alerts and their planning of the sabotage.

The case raises questions about modern workplace communication tools and their unintended forensic value. Unlike traditional text logs or encrypted messages, persistent voice recordings can inadvertently preserve entire conversations, even when users assume privacy. For the Akhter twins, this oversight proved catastrophic—transforming what they likely viewed as a secure chat into a government exhibit.

From petty fraud to felony sabotage

Before their dismissal, the brothers had already established a pattern of cybercrime, including exploiting airline loyalty programs. Their prior convictions for cyberfraud should have been a red flag for Opexus, but the company only uncovered their history after the database deletions. The timing of their termination—immediately following the discovery of their criminal records—suggested a direct causal link between the revelations and their dismissal.

The destruction of 96 federal databases occurred within an hour of their firing, suggesting a coordinated and deliberate act. Prosecutors argued that the brothers acted with intent to disrupt government operations, a charge that carries severe penalties. Their attempt to use AI to "cover their tracks" backfired spectacularly when the Teams recording became the prosecution’s most compelling evidence.

Lessons for IT professionals and cybersecurity teams

The Akhter case serves as a cautionary tale for IT workers handling sensitive systems. Key takeaways include:

• Communication tool audits: Teams, Slack, and similar platforms often retain logs and recordings by default. Users should verify settings and confirm sessions are truly ended.
• Privileged access reviews: Organizations must rigorously audit account permissions, especially for employees with disciplinary histories or criminal records.
• Incident response planning: Rapid detection and containment of unauthorized actions can mitigate damage before escalation.

For federal contractors, the case underscores the importance of pre-employment screenings and continuous monitoring. The combination of prior convictions and unrestricted access to critical databases created a perfect storm of risk.

As technology evolves, so do the pitfalls of digital communication. The Akhter twins’ story is a reminder that even the most mundane tools can become instruments of self-incrimination when used carelessly. For IT professionals, the lesson is clear: assume every conversation could be recorded, and every action could be scrutinized.