Twin Prodigies Caught in State Department Hack

Twin prodigies in cybersecurity will spend the next few years looking at prison walls instead of computer code.

On Friday, a judge in Alexandria, Va., sentenced Muneeb and Sohaib Akhter, both 23, after they admitted to an ambitious list of hacking schemes, including State Department espionage you typically can’t find without some movie theater popcorn.

“The Akhter brothers’ misuse of their computer skills harmed numerous individuals and companies, and their efforts to gain clandestine access to State Department systems represented a threat to national security,” said Dana J. Boente, U.S. Attorney for the Eastern District of Virginia.

The circumstances of the hacks detailed below, including a scene you’d expect in a summer blockbuster, were documented by prosecutors following the sentencing Friday. The Akhters pled guilty to the charges earlier this summer.

The pair were featured in a profile in the Fairfax Times in 2011 for being just 19 when they graduated from George Mason University’s engineering program. A Washington Post reporter wrote at the time, “I think we’ll be hearing more about these guys.”

Mission: State Department

The Akhter brothers and fellow-hackers had already probed the State Department system for passport and visa information when, in February, Sohaib Akhter used a contract position at the State Department to access sensitive computer systems.

He dug through the personal information of dozens of co-workers, acquaintances, a former employer and a federal law enforcement agent who was investigating the Akhters.

Sohaib Akhter would go on to devise a scheme to maintain perpetual access of the State Department systems. With the help of his brother and other hackers, Sohaib Akhter, attempted to secretly install an “electronic collection device” inside a State Department building.

The device would have allowed the brothers to remotely access State Department data. It didn’t require the kind of rope-hanging maneuvers of Tom Cruise in ”Mission: Impossible,” but the scheme required installing the device at a State Department building.

Getting into the building was the easy part, as a contractor, but Sohaib Akhter abandoned the plan when he broke the device while attempting to install it behind a wall at a State Department facility in Washington, D.C.

Other Hacks

Before the State Department spygames, there were other computer hacks that were less ambitious, but just as lucrative.

In November 2013, Muneeb Akhter was performing private contract work for a Rockville-based data aggregation company when he used the company’s database to help tailor successful contract bids for federal work for his brother.

Last year, Muneeb Akhter hacked into the website of a cosmetics company, stealing thousands of customer credit card numbers and personal information.

The brothers used the info to purchase $25,000 worth of archery equipment, flights, hotel reservations, and more, according to The Washington Post. They would go on to admit to prosecutors that they shared the card info with other “dark-net” users for a profit.

Muneeb Akhter was hired by a defense contractor in October, leading to additional charges when he lied about his hacking activities and employment history during a government background check.

After his arrest in March, Muneeb also worked to keep a co-conspirator from investigators, including buying the person a plane ticket to Malta and encouraging the co-conspirator to avoid investigators upon returning back to the states.

‘Clear Message’ to Hackers

The brothers pled guilty to the charges in June, and were sentenced Friday for committing wire fraud, conspiracy to access a protected computer without authorization, and conspiracy to access a government computer without authorization.

Muneeb Akhter was also sentenced for accessing a protected computer without authorization, making a false statement, and obstructing justice.

Muneeb Akhter was sentenced to 3 years and 3 months in prison, and Sohaib Akhter was sentenced to 2 years in prison. They were both sentenced to 3 years of supervised release.

“Electronic barriers are no less real, or legitimate, than physical ones,” said U.S. Attorney Dana Boente. “This prosecution sends a clear message to anyone else attempting to weaken the cybersecurity of institutions or use computers to commit crimes.”

File art