Fired, He Deleted 96 Government Databases in Minutes and Asked AI How to Clear Logs

When an employee is terminated, the most urgent IT task is to immediately disable every system account; however, a U.S. government contractor neglected this step, leaving a former engineer’s credentials active.

The story centers on 34‑year‑old twins Muneeb and Sohaib Akhter, who were convicted of telecom fraud in 2015. After serving their sentences, they were hired in 2023 by a Washington, D.C. tech firm that provides software to 45 federal customers. Both joined the same company, but when they were fired, only Sohaib’s account was promptly revoked.

At 4:56 PM, five minutes after the dismissal meeting, Muneeb successfully logged into the internal network. He first issued a command to prevent other users from connecting or modifying the target database, then executed a DROP DATABASE dhsproddb statement, instantly erasing a production database owned by the Department of Homeland Security. Over the next hour he repeated the process, deleting a total of 96 databases that stored U.S. government information.

Beyond database destruction, Muneeb had amassed 5,400 passwords using custom Python scripts such as marriott_checker.py. He queried the EEOC complaint portal, extracted 1,805 EEOC files, and stole tax data for at least 450 individuals, later copying the data to a USB drive.

Seeking to cover his tracks, Muneeb turned to AI tools and asked two precise questions: “How do I clear system logs from SQL servers after deleting databases?” and “How do you clear all event and application logs from Microsoft Windows Server 2012?” These queries reveal a deliberate intent to erase forensic evidence.

The twins maintained a real‑time chat throughout the sabotage, discussing further actions such as deleting backups, possibly extorting the company, and even considering destroying the file system. After the deletions, they reinstalled the operating system on the company laptops to eliminate remaining traces.

Investigators later identified the employer as Opexus. The company admitted that its background checks were insufficient and that its termination procedures were flawed, resulting in the twins retaining privileged access. Federal agents executed a search warrant three weeks later, discovering firearms and ammunition in the twins’ possession. Sohaib was arrested shortly after, while Muneeb initially pleaded guilty and later faced a jury trial, ultimately being convicted of computer fraud, illegal password trafficking, and unlawful firearm possession.

The incident underscores a fundamental security principle: always disable user accounts before completing an employee termination. Reversing this order can enable insiders to cause catastrophic data loss, as demonstrated by the rapid deletion of 96 government databases within a single hour.