A Virginia man, Sohaib Akhter, faces decades in prison after a jury convicted him of being involved in a scheme to delete approximately 96 databases containing US government data.
The events of the case transpired around two weeks before the twin brothers allegedly involved were fired from their jobs at a software supplier to the US government. Sohaib and Muneeb Akhter, both 34, allegedly worked together on February 1, 2025, to access the account of an unnamed individual who submitted a complaint through the Equal Employment Opportunity Commission’s public portal.
According to the Justice Department, Muneeb asked Sohaib for the individual’s plaintext password. Prosecutors say Sohaib provided the credential, which Muneeb then used to gain unauthorized access to the account.
Court documents do not say why the brothers wanted access to the account, but the pair were both fired on February 18, 2025, after the company, which provided software to at least 45 government agencies, learned that Sohaib had a prior felony conviction.
The superseding indictment [PDF] goes on to describe the timeline of events leading up to the database manipulation.
Within five minutes of being fired via remote meeting, the twins sought to inflict damage on their employer. At approximately 16:55, Sohaib tried to access the software supplier’s network but couldn’t because his VPN connection was severed and his Windows account was deactivated while he was sitting in the firing meeting.
However, Muneeb allegedly still had access and told his brother the same. A minute later, at approximately 16:56, officials say Muneeb issued commands preventing other users from reading or writing to the database, before issuing a command to delete it.
Over the following 56 minutes, Muneeb allegedly deleted approximately 96 databases, the indictment states, which contained data related to Freedom of Information Act matters and sensitive investigative files belonging to federal departments and agencies.
One of the 96 was also described as “a DHS production database containing US government information,” hosted in the Eastern District of Virginia.
After the deletions, Muneeb allegedly set about covering his tracks. According to the indictment, Muneeb queried an AI tool: “How do I clear system logs from SQL servers after deleting databases,” and later: “How do you clear all event and application logs from Microsoft Windows Server 2012.”
The twins then discussed how to proceed. Sohaib allegedly stated aloud: “They’re gonna probably raid this place,” to which Muneeb replied, “I’ll clean this shit up.”
Sohaib added: “We also gotta clean stuff up from the other house, man.”
Per the timeline of events heard in court, Muneeb then set about copying EEOC files to a USB stick, around 1,805 of them per court documents, all while using a laptop issued by his former employer. Muneeb allegedly also stole IRS documents stored on virtual machines, including tax information and personally identifiable information belonging to at least 450 individuals.
Over the following week, Muneeb unsuccessfully attempted to gain access to a DHS-owned laptop, and the twins sought the help of another unnamed individual to wipe their company-issued devices by reinstalling Windows.
Finally, the court heard that Muneeb drove to Texas, transporting his personal laptop, mobile device, and a Personal Identity Verification card issued by a US government agency.
They were both arrested on December 3, 2025. Muneeb Akhter has not yet been convicted.
Further firearms charges
Sohaib was in double trouble for not only computer fraud and password trafficking, but for possessing seven firearms, which police found in March 2025, roughly a month after his brother allegedly deleted the databases.
After a search warrant was authorized, police found roughly 378 .30 caliber rounds of ammunition, as well as a selection of firearms, including M1 and M1A rifles, a Glenfield Model 60, a Ruger .22 automatic pistol, and a Colt Police .38 Special revolver, among others.
Officials said Sohaib took steps to sell the guns after the search warrant was executed, which involved threatening and intimidating his domestic partner to sign transaction documents since he, a convicted felon who served prison time in 2015 for over a year, was not legally allowed to own any firearms.
Sohaib, then 23, was sentenced to two years in prison and three years of supervised release after pleading guilty to accessing sensitive data, including that belonging to co-workers, acquaintances, and a former employer, held on State Department systems while he was working as a contractor.
The court heard at the time that he also devised a scheme, along with Muneeb and others, to maintain perpetual access to these systems by installing “an electronic collection device inside a State Department building.”
This plan failed, however, as he broke the device while trying to install it behind a wall at a State Department facility in Washington, DC.
Muneeb got 39 months in prison and three years of supervised release as a result of his role in the scheme.
Sohaib’s sentencing is scheduled for September 9.
Muneeb’s additional charges
Muneeb, who is yet to be convicted, allegedly downloaded approximately 5,400 username and password combinations from the EEOC’s servers, storing them on multiple devices and in the cloud.
In hundreds of cases, according to the indictment, Muneeb successfully accessed the corresponding email accounts without authorization, and created Python scripts to determine which combinations were valid when testing against the servers of an unidentified US hotel chain.
During this time, Muneeb allegedly tested the stolen username-password combinations against various companies, including other hotel chains, airlines, and financial services companies.
In multiple cases where Muneeb successfully logged into these accounts, court documents state that he changed the email address associated with the account to one he controlled, keeping the victim’s name in the address.
The typical format was [victim name]@wardensys.com or [victim name]@wardensystems.com. The domain belongs to a small, Virginia-based company called Warden Systems, which describes itself as an embedded systems and cybersecurity research company.
The company’s Crunchbase profile lists Sohaib as vice president, and an X account bearing the name Muneeb Akhter lists itself as CEO at Warden Systems. Its website is no longer reachable, and it stopped posting to social media around 2014, a year before the pair were convicted of earlier felonies.
Neither Sohaib nor Muneeb is explicitly connected to “Warden Systems” in court documents, although Muneeb is said to control both the wardensys.com and wardensystems.com domains.
In at least one case involving the alleged stolen username-password combinations, prosecutors say Muneeb used one victim’s air miles balance to successfully book a flight.
Muneeb faces a maximum prison sentence of 45 years, if convicted. ®
