
Posted by jnord 1 day ago

Twin brothers wipe 96 government databases minutes after being fired (arstechnica.com)
455 points | 361 comments | page 3
throwaway27448 6 hours ago|
Look, the US government (and I'm sure many others) is so inept at basic software construction I can only view this as a good thing. I presume thousands of previous penetrations were simply not so trivially detected.
nrmitchi 16 hours ago||
This whole story is just line after line of utter incompetence.

The "after they were fired" sounds catchy, but isn't even the biggest failure.

This organization shouldn't be permitted anywhere near government, or any non-public, data/information.

nomilk 13 hours ago||
> “Delete their filesystem as well?” he said.

> “Smart idea,” said Muneeb.

Seems obvious they weren't destroying databases just out of malice (i.e. retribution for being fired), but in order to cover up something/s..

iJohnDoe 1 day ago||
It’s crazy that people are desperate for jobs and these clowns get hired.
alphawhisky 22 hours ago||
Well, who else would you hire for the circus?
hunterpayne 18 hours ago||
Perhaps don't hire people who act as foreign adversaries for government work? Is that really such an absurd proposition?
titanomachy 18 hours ago|||
You can’t assume someone is foreign based on their name.

In fact I’d guess they’re not, since they’ve been employed on government projects since a young age.

leptons 17 hours ago||
> who act as foreign adversaries

This does not mean they are from another country.

ChrisMarshallNY 18 hours ago||||
I don't think they were spies. They have ethnic names, but it sounds like they are just good ol' red-blooded Yankee crooks.
GorbachevyChase 16 hours ago|||
I can understand wanting to be perceived as being on “the right team” but that comment is so silly that it undermines credibility. To put it otherwise, could you imagine a scenario where I had a labor arbitrage opportunity that involved a higher paying job in Shanghai, China and that I had lived there for a few years to do that. Let’s also say that I was found guilty of some similar crime. Would you call me a good old fashioned red-blooded Chinese crook?

It’s OK to acknowledge that economic migrants are a thing, and that they likely have only transactional interest in where they live, such as a Bengali construction worker in Dubai, for example. That’s just part and parcel of labor mobility. For better or worse, shareholders, or middlemen representing shareholders, have decided this sort of thing is a really good idea in the US, and now around half the population falls in that bucket. It’s a free country, and freedom means being free to choose short term interests. That also means you’re free to support such policies because they are good for Blue-team redistricting so we can provide free healthcare to all 8 billion people in the world somehow.

But please, nobody becomes a Yankee by the mere fact of standing on the ground. If you want that pejorative title, then you need to earn it.

ChrisMarshallNY 16 hours ago||
It was a silly comment. It was meant to be.

As opposed to...

Our_Benefactors 9 hours ago||
What is this even supposed to mean? “I was joking, and it’s your fault for taking it seriously?”
JuniperMesos 14 hours ago|||
[flagged]
lostlogin 17 hours ago||||
> Perhaps don't hire people who act as foreign adversaries for government work?

Hilarious in the context of this administration.

toast0 16 hours ago||||
Yeah. Here in America, we demand domestic adversaries!
leptons 17 hours ago|||
Uhh... The guy in charge of the whole thing does things a foreign adversary would do. Has for years and he's back for round two. He even tried to overthrow the government once.
Our_Benefactors 9 hours ago||
He wasn’t hired, he was elected.
leptons 7 hours ago||
That's a bit pedantic. There's really not much of a difference there.

He can be fired too, but the current shitheads in charge would never do that.

phendrenad2 13 hours ago||
Maybe they're really, really good at leetcode. You can't pass up talent like that. </sarcasm>
loeg 11 hours ago||
Dumb and dumber. Criminals just can't stop doing crimes (the password stuff, the gun stuff, etc, etc).
kaikai 1 day ago||
How on earth did someone previously convicted of what sounds like hacking get job access to so many prod government databases? Wild that it took them so long to get caught.
AlexB138 18 hours ago||
I had the same questions. Apparently discovery of the prior conviction is what led to them being fired:

> When the company discovered Sohaib Akhter’s felony conviction, it terminated both brothers’ employment during an online remote meeting on Feb. 18, 2025

from https://www.justice.gov/opa/pr/federal-jury-convicts-virgina... which is a better source on this.

That prompts the question of why background checks are so lax that they were hired before this was discovered.

charonn0 18 hours ago||
The company involved here is apparently based in Washington, DC, which has a "Ban the Box" ordinance that limits employment background checks for most kinds of jobs. And apparently DC's version of the law is particularly strict.
calgarymicro 11 hours ago|||
That prevents them from asking before extending an offer, but it seems they could (and should) have checked after.[0]

> However, an employer may ask about criminal conviction(s) after extending a conditional offer of employment (the employer can never ask about arrests or criminal accusations that aren't pending). An employer who properly asks about a criminal conviction can only withdraw the offer or take adverse action against the applicant for a legitimate business reason that is reasonable under the six factors* listed in the Act.

One of the six factors is "Fitness or ability of the person to perform one or more job duties or responsibilities given the offense"[1], which they probably could have invoked after asking (though they never checked or didn't check thoroughly enough, so I guess it's moot).

[0] https://ohr.dc.gov/page/returning-citizens-and-employment

[1] https://ohr.dc.gov/sites/default/files/dc/sites/ohr/publicat...

giantg2 17 hours ago|||
Shouldn't this force companies that need to pass a SOC2 out of the district? Doesn't SOC2 require background investigation of personnel with access to sensitive systems?
anonSrEng202309 18 hours ago|||
And I recently couldn't get a job through a federal contractor for a federal position (requiring NO security clearance) because they didn't like something on my credit report.
sieabahlpark 18 hours ago||
[dead]
waterTanuki 1 day ago||
> On Feb. 1, 2025, Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter. That password was subsequently used to access that individual’s email account without authorization.

It should be a federal crime with prison time to make a DB for a federal agency and not hash and salt passwords or other auth credentials.

wildzzz 17 hours ago||
It's probably some sort of crusty old application written before salt and hash was SOP. No agency is going to spend money on hardening something non-critical unless there's an incident or there's free money to do so. And that application was likely written by some contractor who's no longer around or has the source code available so any fixes would require an entire redo. And while you're redoing the whole thing, let's add in a bunch of features and scope creep to balloon the cost and schedule. Oops, the new contractor writing the app is overrun so let's bail and go back to the old version.
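
The two comments above (plaintext passwords readable by a database query, and a legacy application that predates salting and hashing) as an added example, not part of any comment in this thread and not code from the system in the article: a one-time migration that replaces plaintext values with salted PBKDF2 hashes. The table and column names, the PBKDF2-HMAC-SHA256 choice and the iteration count are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor, tune per hardware

def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iters$salt$digest' using a fresh 16-byte random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the digest from the stored salt and iterations; constant-time compare."""
    _scheme, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def migrate_plaintext(conn, iterations=ITERATIONS):
    """Hash every remaining plaintext value, then NULL it; return rows changed."""
    rows = conn.execute(
        "SELECT id, password FROM users WHERE password IS NOT NULL").fetchall()
    for user_id, plaintext in rows:
        conn.execute("UPDATE users SET pw_hash = ?, password = NULL WHERE id = ?",
                     (hash_password(plaintext, iterations), user_id))
    conn.commit()
    return len(rows)

def build_legacy_db():
    """Constructed sample: a legacy table that stores passwords exactly as typed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, "
                 "password TEXT, pw_hash TEXT)")  # pw_hash is the newly added column
    conn.executemany("INSERT INTO users (email, password) VALUES (?, ?)",
                     [("alice@example.test", "correct horse"),
                      ("bob@example.test", "correct horse")])
    return conn

if __name__ == "__main__":
    db = build_legacy_db()
    print("migrated:", migrate_plaintext(db))
    # Same password, different salts: the two stored values do not match each other.
    for email, stored in db.execute("SELECT email, pw_hash FROM users"):
        print(email, stored[:40] + "...", verify_password("correct horse", stored))
```

After the migration a `SELECT` on the table returns only salted digests, so an insider with query access no longer gets a reusable password. Copies of the old column in backups, replicas and logs still hold the plaintext until they are purged.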
mijoharas 1 day ago||
This is what I want to know. Are there any consequences for this contractor? At least fraud or negligence or something?
skrebbel 5 hours ago||
Sidenote I love that the DHS prod DB is called “dhsproddb”.
unixhero 9 hours ago||
The handwriting was very solid.