Loading...
Loading...
Two former Opexus contractors, twin brothers Muneeb and Sohaib Akhter, were inadvertently recorded on a Microsoft Teams session after being fired, capturing their admission and execution of deleting 96 U.S. government databases. The hour-long recording and transcript—left running after an HR termination meeting—provided prosecutors with direct evidence of planning, accessing customer mailboxes, and seeking payment to cover tracks. Reports highlight operational security failures by insiders, the forensic value of cloud collaboration and endpoint logs, and questions about how organizations detect and retain such evidence, balancing workplace monitoring, privacy, and investigative techniques in cybersecurity incidents.
This incident shows how cloud collaboration and endpoint logs can preserve forensic evidence of insider threats and operational security failures. Tech professionals must account for accidental evidence capture, retention policies, and monitoring controls when securing environments and responding to incidents.
Dossier last updated: 2026-05-15 01:21:07
The FBI obtained an hour-long transcript of twin brothers Muneeb and Sohaib Akhter deleting 96 U.S. government databases after they were fired from federal contractor Opexus because the brothers accidentally left a Microsoft Teams meeting recording running. Prosecutors' court filing shows HR recorded the termination meeting, then left; unbeknownst to the twins the meeting continued to capture their subsequent discussion about wiping systems, backups, and possible demands for payment, and included explicit statements about deleting databases and wiping computers. The self-recording supplied direct evidence of intent and actions, bolstering the government's case and illustrating how common collaboration tools and user error can create critical forensic evidence in cybercrime investigations.
The most newsworthy fact: prosecutors say twins Muneeb and Sohaib Akhter accidentally recorded their own federal computer-crime spree by leaving a Microsoft Teams meeting recording running after being fired by contractor Opexus. The February 2025 Teams recording—started by Sohaib during a termination call—captured an hour of their discussion as they accessed VPNs, debated deleting and wiping company systems, discussed ransom-like payments and customer data, and ultimately deleted 96 U.S. government databases. The recording provided prosecutors verbatim evidence tying the siblings to the deletions and their planning. The episode highlights how common collaboration tools and mistaken recordings can create critical digital evidence in cybercrime prosecutions.
Federal prosecutors say twin brothers Muneeb and Sohaib Akhter accidentally recorded themselves confessing to deleting 96 U.S. government databases after being fired from contractor Opexus — because they forgot to stop a Microsoft Teams recording started during their termination meeting. Court filings reveal the Teams session continued recording for an hour after HR left, capturing planning talk about wiping systems, accessing customer emails, and demands for payment. The transcript undermines any claim of secrecy and provides direct evidence used by investigators. The case highlights operational security failures, the evidentiary power of collaboration and cloud collaboration tools, and risks employees face when using built-in meeting-record features.
Former federal contractor employees and twin brothers Muneeb and Sohaib Akhter were recorded discussing and executing the deletion of 96 U.S. government databases in the hour after being fired by contractor Opexus. The recording included a verbatim transcript of their conversation during the deletion spree; investigators are probing how audio was captured — possibilities include corporate monitoring, endpoint spyware, or other surveillance tools. The brothers reportedly sought AI advice to cover tracks, and both have prior cyberfraud convictions. The case highlights risks from privileged insiders, the forensic value of endpoint and communications logs, and questions about workplace monitoring and investigative methods in cybersecurity incidents.