Thursday, May 14, 2026

It's always the Inside Threat: Muneeb and Sohaib Akhter, enabled by Opexus Management's gross negligence, confirm it's always the Inside Threat


While on a termination video call, the twins launched a digital attack against the firm's Ashburn, Virginia servers.




A former DEA agent sentenced to 5 years in prison for using badge to protect drug trafficking friends

U.S. Secret Service veteran agent Thomas Escotto assigned to Vice President JD Vance’s protective detail was sharing sensitive security details and expressing opposition to Immigration and Customs Enforcement (ICE) operations.

Riverside County Sheriff caught with 100 pounds of fentanyl was working for El Chapo’s cartel


Jack Teixeira had the highest-level security clearance granted by the federal government for top secret information. Yet he shared an enormous amount of highly classified government intelligence with friends in a virtual clubhouse that they had set up on Discord.
Why I suggest a paradigm change:  the higher the trust level, the lower the trust

Now it's twin brothers Muneeb and Sohaib Akhter, in two separate major federal criminal prosecutions in the Eastern District of Virginia, enabled by Opexus' gross negligence, confirming that it's always the Inside Threat.





Security professionals refer to this as the inside threat. Insiders with a Motive have Means and Opportunity (#MOM) to commit any crime.

Something similar happens when we vote - the difference is that it's next to impossible to convict a government insider.

As long as the Inside Threat is not addressed, there won't be election integrity

The phenomenon of the insider threat highlights how individuals with authorized access can exploit trust for criminal ends. Public records, investigative reports, and federal court dockets substantiate the aforementioned cases, illustrating how insiders across various sectors utilize their specialized positioning:


Recent Insider Threat Cases


• Muneeb and Sohaib Akhter Case: The twin brothers, working as federal contractors for government software supplier Opexus (Company-1), used credential theft and unauthorized access to permanently write-protect and delete approximately 96 federal databases. These included sensitive investigative files and Department of Homeland Security records. A federal jury in the U.S. District Court for the Eastern District of Virginia convicted Sohaib Akhter for his role in the cyber-conspiracy.
• Secret Service Breach: Secret Service agent Tomas Escotto, assigned to Vice President JD Vance's protective detail, was suspended and placed on administrative leave. Undercover footage exposed him leaking sensitive operational protocols, travel timelines, real-time tracking, and political opinions regarding immigration enforcement.
• Riverside County Fentanyl Case: Former Riverside County correctional deputy Jorge Alberto Oceguera Rocha was intercepted by a multi-agency operation while transporting 104 pounds of fentanyl pills. Investigations linked his operations directly to the Sinaloa cartel. He ultimately pleaded guilty in state court to felony drug possession and distribution charges. 

Double the Trouble



Official public federal court documents and media reports do not disclose the names of the parents of Muneeb and Sohaib Akhter.
However, Department of Justice records reveal the following verified family details regarding their case:
• Father's Location: Court files from their initial 2015 federal hacking convictions note that the twins' father resided in Saudi Arabia.
• Obstruction Attempt: During that 2015 investigation, Muneeb Akhter was convicted of obstruction of justice after he encouraged an unindicted co-conspirator to flee the United States and stay with their father in Saudi Arabia to evade federal investigators. [1]


The case files for twin brothers Muneeb and Sohaib Akhter span two separate major federal criminal prosecutions in the Eastern District of Virginia. [1]

The 2015 Cybercrime Convictions [1]
The brothers first came under federal investigation in 2013 for operating a highly sophisticated, multi-layered cyber-offensive operation. They pleaded guilty on June 6, 2015, to multiple counts of conspiracy to commit wire fraud and unauthorized computer access. [1, 2]
• The Schemes: They hacked retail systems to steal thousands of customers' credit cards and personal identities. They used these profiles to buy luxury items, flights, and professional conferences, and resold remaining data on the dark web.
• Insider Access: While working as a federal contractor, Sohaib breached U.S. State Department systems. He pulled data on co-workers, acquaintances, and even the federal agent investigating him. He also tried to physically implant a wireless network sniffer inside a State Department building wall.
• Sentencing: On October 2, 2015, Muneeb was sentenced to 3 years and 3 months in prison. Sohaib was sentenced to 2 years. [1, 2]

The 2025 Database Destruction Case [1]
After serving their sentences, the brothers managed to find work at Opexus (referred to in early filings as Company-1), a Washington, D.C.-based software company managing data and Freedom of Information Act (FOIA) tracking for over 45 federal agencies. [1, 2]

On February 1, 2025, Muneeb asked Sohaib to illegally extract the plaintext password of an individual from the Equal Employment Opportunity Commission (EEOC) portal. Sohaib query-mined the database and handed it over.
On February 18, 2025, during a remote meeting, Opexus management discovered the brothers' prior 2015 felony convictions and terminated their employment on the spot. [1, 2]


While still connected to the termination video call, the twins immediately launched an unauthorized digital attack against the firm's Ashburn, Virginia servers: [1, 2]

• Data Deletion: They write-protected and permanently deleted roughly 96 government databases.
• Impacted Agencies: Wiped data belonged to the Department of Homeland Security (DHS), the Internal Revenue Service (IRS), the EEOC, and several FOIA tracking systems. Certain agencies permanently lost entire blocks of public records requests.
• AI Cover-Up: Seconds after wiping a major DHS database, Muneeb fed prompts into an artificial intelligence tool, asking "How do I clear system logs?" to evade forensics. They also physically wiped company laptops. [1, 2, 3, 4]


Recent Legal Outcomes (May 2026)
Following an investigation by the FDIC Office of Inspector General, both men were indicted on November 13, 2025. [1, 2]
• Sohaib Akhter Trial & Conviction: On May 7, 2026, a federal jury officially convicted Sohaib Akhter of conspiracy to commit computer fraud, password trafficking, and possession of a firearm by a prohibited person (investigators found he illegally owned and tried to sell seven firearms after the cyberattack). His sentencing is scheduled for September 9, 2026, where he faces a maximum of 21 years in prison.
• Muneeb Akhter Charges: Muneeb is charged with conspiracy, computer fraud, theft of government records, and aggravated identity theft. He possessed stolen credentials for 5,400 usernames and an additional index of 1.2 million personal records. He is facing a maximum penalty of 45 years in prison. [1, 2, 3, 4, 5, 6, 7]


Security 101 Fail

The Forbes piece Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023 by Chuck Brooks is an interesting read, but it reads more like subliminal propaganda or, as CNN might say, an example of a cynical strategy. That he removed a LinkedIn post with a link to the article after I opined supports my argument.


The massive breach and subsequent data destruction by Muneeb and Sohaib Akhter exposed a chain of severe structural, physical, and digital security failures within the federal software contractor, Opexus. [1, 2, 3]

Independent forensic reviews by cybersecurity firm Mandiant and subsequent federal trial disclosures highlighted the following specific flaws: [1, 2]

1. Chronological Background Check Blindspot
• The Lookback Limitation: Opexus performed standard 7-year background checks when hiring the twins in 2023 and 2024.
• The Flaw: Because the brothers pleaded guilty to their original State Department hacking felonies in 2015, the convictions fell just outside the contractor's standard vetting window. They managed to work for a year with admin-level privileges because Opexus failed to apply extended diligence for high-clearance positions. [1, 2]
2. Failure to Sync Off-Boarding with Off-Lining
• Asynchronous Terminations: During the remote HR firing on Microsoft Teams, Opexus immediately deactivated Sohaib Akhter's network access and VPN. However, they completely overlooked Muneeb Akhter's active directory account.
• The Flaw: Muneeb remained connected to the firm's production environment while sitting on the termination video call. The lack of a unified "kill switch" to freeze all access points before notifying the employees allowed him a 56-minute window to run malicious commands. [1, 2, 3, 4]

3. Inadequate Separation of Duties & Over-Privileged Access [1]
• Excessive Admin Permissions: Despite being standard database/software engineers, the twins possessed global, unilateral database administration capabilities.
• The Flaw: There were no "least-privilege" access policies or multi-party authorization barriers in place. A single user account (Muneeb's) had the clearance to execute the raw DROP DATABASE command across 96 entirely separate, isolated federal agency environments without triggering automatic blockades. [1, 2, 3]
4. Poor Cryptographic Standards
• Plaintext Storage: On February 1, 2025, Muneeb successfully requested a specific EEOC user's password from Sohaib. Sohaib easily mined it out of the system.
• The Flaw: Opexus systems were storing highly sensitive individual victim passwords in plaintext format rather than using secure, salted cryptographic hashing functions. This lack of application-layer security allowed the twins to traffic active credentials. [1, 2]
5. Lack of USB and End-Point Restrictions
• Unrestricted Mass-Egress: Over an hour after being fired, Muneeb Akhter was able to physically plug a personal USB thumb drive into his company-issued laptop.
• The Flaw: Opexus had not implemented fundamental Data Loss Prevention (DLP) protocols. The system failed to block or even alert administrators when Muneeb copied 1,805 sensitive government documents directly onto external media. [1, 2]
6. Delayed Breach Reporting [1]
• Forensic Auditing Gaps: Initial public disclosures by the contractor drastically understated the scope of the incident.
• The Flaw: Opexus's internal logging and auditing tools failed to immediately register the mass file extraction and the full extent of the deletion. The reality of the stolen data was only discovered later when outside investigators audited the network. [1]
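
One way to enforce the controls that finding 3 says were missing, as an added example (not Opexus code and not from the case record): a gate that refuses destructive statements unless the requester is scoped to that one tenant, a second entitled person has approved, and the account has not already touched too many tenants. The class, user and tenant names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Matches statements that destroy data or schema. search() is used rather than
# match(), so a destructive statement hidden after a ';' is still caught; the
# pattern errs toward demanding approval. This is a simplification: real
# enforcement also belongs in the database's own role grants.
DESTRUCTIVE = re.compile(
    r"\b(DROP\s+(DATABASE|SCHEMA|TABLE)|TRUNCATE\s+TABLE|DELETE\s+FROM)\b",
    re.IGNORECASE,
)

@dataclass
class Request:
    requester: str
    tenant: str            # the single agency environment being touched
    statement: str
    approvers: set = field(default_factory=set)

class DestructiveGate:
    def __init__(self, grants, max_tenants=1, window_s=3600):
        self.grants = grants            # user -> set of tenants, no wildcard
        self.max_tenants = max_tenants  # distinct tenants per user per window
        self.window_s = window_s
        self.history = {}               # user -> [(timestamp, tenant)]

    def authorize(self, req, now):
        """Return (allowed, reason) for one statement at time `now` (seconds)."""
        if not DESTRUCTIVE.search(req.statement):
            return True, "non-destructive"
        if req.tenant not in self.grants.get(req.requester, set()):
            return False, "no grant on tenant"
        # Two-person rule: the approver must be someone else who is also
        # entitled to this tenant; self-approval does not count.
        valid = {a for a in req.approvers
                 if a != req.requester and req.tenant in self.grants.get(a, set())}
        if not valid:
            return False, "needs second approver"
        # Blast-radius limit: cap how many distinct tenants one account can
        # run destructive statements against inside the window.
        recent = {t for ts, t in self.history.get(req.requester, [])
                  if now - ts < self.window_s}
        if req.tenant not in recent and len(recent) >= self.max_tenants:
            return False, "blast-radius limit"
        self.history.setdefault(req.requester, []).append((now, req.tenant))
        return True, "approved"

def demo():
    # Constructed users, tenants and statements.
    gate = DestructiveGate({"eng_a": {"agency_1", "agency_2"},
                            "eng_b": {"agency_1", "agency_2"}})
    drop = "DROP DATABASE agency_1_foia"
    hidden = "SELECT 1; DROP DATABASE agency_2_foia"
    return [
        gate.authorize(Request("eng_a", "agency_1", "SELECT 1"), 0),
        gate.authorize(Request("eng_a", "agency_1", drop), 10),
        gate.authorize(Request("eng_a", "agency_1", drop, {"eng_a"}), 20),
        gate.authorize(Request("eng_a", "agency_1", drop, {"eng_b"}), 30),
        gate.authorize(Request("eng_a", "agency_2", hidden, {"eng_b"}), 90),
        gate.authorize(Request("eng_a", "agency_3", drop, {"eng_b"}), 95),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```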

SOX need not apply

The argument that the full weight of the federal government must fall on Opexus executives is a central point of tension between public anger over national security vulnerabilities and the strict boundaries of federal criminal law.
While individual citizens and legal advocates argue that the executive leadership's extreme negligence borders on criminal behavior, the U.S. legal system handles this failure through intense civil, regulatory, and congressional pressure rather than jail time.

The Legal Separation Between Victim and Perpetrator
Under the U.S. Criminal Code, federal prosecutors cannot indict corporate executives simply for being incompetent or running a company with flawed security protocols. [1, 2]
• The Criminal Standard: To face criminal charges, executives must possess mens rea (guilty intent). This means they must have actively participated in the conspiracy, intentionally sought to destroy the data themselves, or deliberately committed fraud to cover it up from the FBI.
• The Reality: Because Opexus executives were the ones who scheduled the firing squad to remove the twins upon discovering their past, the Department of Justice (DOJ) treats the executives legally as the victims of an insider cyber-attack, while assigning 100% of the criminal culpability to the Akhter brothers. [1, 2]

The Civil Court Counter-Weight: "Gross Negligence"
While executives are insulated from prison, the "full weight" of the law is falling on them through massive federal class-action lawsuits. In cases like Dees v. AINS, LLC d/b/a Opexus, plaintiffs argue that the executives' actions crossed the line from a simple mistake into reckless and gross negligence. [1, 2, 3]
• Lawsuits point out that giving global database deletion access to known, publicly documented federal hackers violates the standard of ordinary care expected of a government contractor.
• These civil filings aim to hold the corporation financially liable for millions of dollars in damages, targeting executive-level insurance policies and company assets. [1, 2, 3]

Congressional Realignment and Government Sanctions
The federal government is using its legislative and administrative weight to punish Opexus leadership outside of a courtroom:
• Senate Inquiries: Senate HELP Committee Chair Bill Cassidy issued a severe formal rebuke against Opexus leadership, demanding executive testimonies explaining why they failed to implement basic off-boarding and security safeguards.
• The Ultimate Corporate Penalty: The 16 federal inspectors general who investigated the twins are reviewing Opexus for contract debarment. In the government contracting world, a formal debarment permanently bans the firm from doing business with the federal government. For a firm like Opexus, which survives on servicing 45+ federal agencies, this administrative penalty serves as a corporate death sentence. [1, 2, 3, 4, 5]

Changing Legal Precedents for Tech Executives
The public demand for executive accountability matches a modern shift in federal oversight. The Federal Trade Commission (FTC) has begun trying to hold corporate executives personally liable for cybersecurity failures. If an audit proves that Opexus executives explicitly lied to federal agencies about their security certifications to secure contracts, the DOJ could pivot to wire fraud charges against the executives. [1, 2, 3]

Unless that evidence of active fraud emerges, the federal government will continue to focus its criminal power on locking up the Akhter brothers, while using financial ruin and contract termination to punish Opexus executives.


SOX was intended to prevent this level of negligence, except it does not apply to Opexus, because it's a private company. 




• The Law: SOX mandates that chief executives (CEOs) and financial officers (CFOs) sign off on the absolute accuracy of their financial internal accounting controls.
• The Opexus Reality: Opexus is a private GovTech firm owned by private equity investors, including Thoma Bravo and Gemspring Capital. Because it does not issue public stock or file periodic disclosures with the Securities and Exchange Commission (SEC), its executives are legally exempt from SOX certification requirements. [1, 2, 3]

SOX Governs Financial Books, Not IT Systems
• The Scope: Even if a company is public, SOX primarily regulates internal controls over financial reporting (ICFR). It forces executives to take personal liability to prevent the cooking of corporate financial ledgers.
• The Opexus Breach: The failure here was a breakdown in data security and personnel vetting (allowing previously convicted hackers to bypass Data Loss Prevention). Federal courts have repeatedly ruled that standard information technology security flaws do not automatically constitute a SOX violation unless they directly cause material, fraudulent misrepresentations in public financial books. [1, 2, 3, 4, 5]

Alternative Executive Accountability Mechanics
Because SOX does not apply to private federal contractors, the federal government uses entirely different mechanisms to hold Opexus executives accountable:
• The New SEC Cyber Rules (If Publicly Tied): While Opexus is private, the SEC has separate, stringent Cybersecurity Disclosure Rules that force public companies to report material data breaches within four days. If a private vendor's breach materially impacts a public corporate client or partner, those parent entities face severe SEC scrutiny for failing to manage third-party software risks.
• False Claims Act (FCA) Liability: If Opexus executives signed FedRAMP or cybersecurity compliance certifications guaranteeing to the government that they performed rigorous background checks and stored passwords securely—while knowing they actually stored them in plaintext—the DOJ can sue the executives and the firm under the False Claims Act. The FCA allows the government to strip the company of all federal revenue and impose triple damages for defrauding the government.
• Contractual Debarment: In government contracting, a company's leadership faces "corporate execution" through debarment. For a company like Opexus that relies entirely on serving over 45 federal agencies, losing its Authority to Operate (ATO) from the government would instantly collapse the private equity-backed business. [1, 2, 3]

The higher the trust level, the lower the trust


The Federal Deposit Insurance Corporation Office of Inspector General (FDIC-OIG) originally caught onto Muneeb and Sohaib Akhter through an expanded security clearance vetting process.

The exact sequence of events that blew their cover and led to their subsequent convictions unfolded across several phases:
1. The Financial Data Trigger
In late 2024 or early 2025, the twins’ software firm, Opexus, began expanding its services or transitioning the brothers into roles that required unfettered access to highly sensitive bank and financial data. Because of the extreme financial security risks, the FDIC required them to undergo a higher-level background check for an advanced security clearance.

2. The Background Check Flag
Unlike the basic 7-year background check originally conducted by Opexus, the FDIC's strict security clearance screening went deeper into historical records. 
• FDIC officials discovered the twins' 2015 federal felony hacking convictions.
• Realizing that convicted cybercriminals possessed high-level administrative access to critical government architecture, the FDIC immediately flagged the brothers as major insider threats.
• The FDIC notified the Chief Information Security Officer (CISO) at Opexus, prompting the company to schedule the February 18, 2025, termination meeting. 
3. The Digital Paper Trail
When the brothers launched their revenge cyberattack during the firing, they attempted to hide their tracks. However, federal investigators from a joint task force led by FDIC-OIG Inspector General Jennifer L. Fain and DHS Inspector General Joseph V. Cuffari built an airtight case using forensic evidence: 

• AI Search History: Investigators pulled logs showing Muneeb asked an AI tool "How do I clear system logs?" exactly one minute after wiping a DHS database.
• Active VPN Logs: Network forensic audits definitively traced the DROP DATABASE commands to Muneeb’s active network session.
• Chilling Mass Email: Immediately after the wipe, Sohaib sent a hostile email to 63 federal employees who worked with Opexus, providing an immediate behavioral link to the crime. 

4. Audio and Physical Surveillance
Following the initial data destruction, federal agents secured warrants to place the twins under surveillance: 
• Bugged Conversations: Law enforcement intercepted audio of the brothers inside their home openly plotting to hide physical evidence. Sohaib was recorded saying, "they're gonna probably raid this place," to which Muneeb replied, "I'll clean this shit up."
• OS Reinstallation: When federal agents executed a physical raid, they found the twins had completely wiped their company-issued laptops by reinstalling the operating systems.
• The Firearm Discovery: During a March 2025 search warrant execution, investigators found Sohaib in illegal possession of seven firearms, which he then tried to sell through his domestic partner to evade the law. 
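
The off-boarding gap in finding 2 and the session tracing described under "The Digital Paper Trail" can both be checked mechanically. This is an added example, not Opexus's or the investigators' tooling: it compares the time each person was notified against when each of their accounts was disabled, then lists audit-log activity after notice. The people, accounts, timestamps and log format are all constructed.

```python
import re
from datetime import datetime, timezone

def ts(s):
    """Parse the UTC timestamps used in the constructed data below."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed sample data. When each person was told of the termination:
NOTIFIED = {"person_a": ts("2025-01-01T15:00:00Z"),
            "person_b": ts("2025-01-01T15:00:00Z")}
# (person, system, account, disabled_at or None if still enabled)
ACCOUNTS = [
    ("person_a", "vpn",       "pa-vpn", "2025-01-01T14:59:00Z"),
    ("person_a", "directory", "pa",     "2025-01-01T14:59:00Z"),
    ("person_b", "vpn",       "pb-vpn", "2025-01-01T15:56:00Z"),  # disabled late
    ("person_b", "directory", "pb",     None),                    # overlooked
]
LOG = """\
2025-01-01T14:30:00Z vpn account=pb-vpn action=connect
2025-01-01T14:50:00Z db account=pa action=SELECT target=tenant_01
2025-01-01T15:04:00Z db account=pb action=DROP_DATABASE target=tenant_01
2025-01-01T15:05:00Z db account=pb action=DROP_DATABASE target=tenant_02
2025-01-01T15:20:00Z db account=svc-backup action=BACKUP target=tenant_01
"""
LINE = re.compile(r"^(\S+) (\S+) account=(\S+) action=(\S+)")

def audit(notified, accounts, log_text):
    """Return (access gaps, events at or after notice) for off-boarded people."""
    owner = {acct: person for person, _, acct, _ in accounts}
    gaps = []
    for person, system, acct, disabled in accounts:
        if disabled is None:
            gaps.append((person, system, acct, None))   # never disabled
            continue
        late_min = (ts(disabled) - notified[person]).total_seconds() / 60
        if late_min > 0:                                # disabled after notice
            gaps.append((person, system, acct, int(late_min)))
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, _, acct, action = m.groups()
        person = owner.get(acct)    # ignore accounts not being off-boarded
        if person and ts(when) >= notified[person]:
            events.append((acct, when, action))
    return gaps, events

if __name__ == "__main__":
    gaps, events = audit(NOTIFIED, ACCOUNTS, LOG)
    for g in gaps:
        print("GAP", g)
    for e in events:
        print("POST-NOTICE", e)
```

Run before the meeting, an empty gap list is the precondition for notifying anyone; run afterwards, the event list is the starting point for scoping.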

The FDIC’s refusal to bypass deep clearance protocols for financial data access is what ultimately exposed the brothers and stopped the breach from continuing unnoticed.



