Twins Plead Guilty to Hacking Schemes
Charged with Attempted State Department Hack, Card Fraud
Twin brothers, who were once considered computer prodigies, pleaded guilty in federal court June 26 to a range of identity theft and hacking-related charges, including an attempted State Department hack.
Muneeb and Sohaib Akhter, 23, admitted that they had used their positions as government contractors to help carry out hack attacks, according to the U.S. Attorney's Office for the Eastern District of Virginia.
A 12-count indictment filed in April charged the brothers with wire fraud, unauthorized computer access and conspiring to access a government computer without authorization. Muneeb Akhter also faced additional charges involving unauthorized computer authorization, making a false statement and obstructing justice.
"The Akhter brothers and co-conspirators used the stolen information to purchase goods and services, including flights, hotel reservations, and attendance at professional conferences," the U.S. Attorney's Office alleges. "Muneeb Akhter also provided stolen information to an individual he met on the 'dark net,' who sold the information to other dark net users and gave Akhter a share of the profits." Prosecutors said he was charged with attempting to impede the government's investigation by encouraging an accomplice - named in charging documents only as "UCC-1," for "unindicted co-conspirator number one" - to leave the country and reside with the brothers' father in Saudi Arabia, so as to escape federal investigators.
Muneeb Akhter faces up to 50 years in prison, while Sohaib Akhter faces a sentence of up to 30 years. Both men will be sentenced Sept. 25.
Change of Fortune
Their arrest represents a marked change of fortune for the twins, who in 2011 - at the age of 19 - were the youngest graduates of George Mason University that year, and who later went on to win a $200,000 research grant from the Defense Advanced Research Projects Agency, The Washington Post reports.
Muneeb Akhter, according to the indictment, began working for defense contractor General Dynamics in June 2014 as an IT security specialist at the Department of Homeland Security, but was fired in July. He then obtained a position working for defense contractor Booz Allen Hamilton in October. Also in October, Sohaib Akhter was hired by ActioNet "to perform contract work for the State Department," according to the indictment.
After learning that he was to be transferred out of that position, Sohaib Akhter then allegedly ran about 120 searches for U.S. passport records, using Passport Lockbox, a Bureau of Consular Affairs software application that provides an initial data entry point for U.S. passport applications and performs payment processing as well as scanning of applications. The program also stores a variety of personally identifiable information on applicants, and federal regulations state that the application can only be accessed for official business.
Sohaib Akhter told UCC-1 that he ran the searches on Passport Lockbox to attempt to understand how the system worked, saying that if he could maintain remote access to the State Department system, he could "create passports and visas and sell them on the 'dark net,'" as well as approve visa applications in exchange for payment, the indictment states.
In addition, Sohaib Akhter attempted to install a wireless networking device - manufactured by Gumstix - to "collect data from State Department computers and transmit it wirelessly to computers controlled by Muneeb Akhter and Sohaib Akhter and co-conspirators," the indictment states. Sohaib Akhter told his brother that he had attempted to install the device behind a wall in a State Department building in Washington, but that he was not successful, according to the indictment. Prosecutors said that he inadvertently broke the device while attempting to place it in the wall.
Card Fraud
Federal investigators, executing a search warrant on Muneeb Akhter's residence, seized computers and cell phones, including a T-Mobile LG mobile phone on which Muneeb Akhter had been recording telephone conversations with his brother as well as UCC-1, according to a related affidavit. Sohaib Akhter told Muneeb Akhter in an audio recording from June 2014 - cited in the affidavit - that he had hacked into the network of e-commerce cosmetics company Shea Terra Organics and was intercepting credit card numbers from individuals who made purchases at the company's website.
Investigators said the stolen card numbers were used to fraudulently purchase an airplane ticket on Expedia, order food, pay for a hotel room, reserve a rental car, as well as purchase a number of goods, including a laptop, Chromebook, tablet, wireless printer and archery gear. The men allegedly also spent $5,350 to register for an IT course offered by an unnamed "information technology certification research and education organization located in Maryland."
Leaving Trail of Clues
Investigators said the brothers, during the crime spree, made a number of mistakes that left clues to their activities and identities, including Muneeb Akhter having boasted to his General Dynamics co-workers that he'd hacked into the websites of Subway, Starbucks and an unspecified airline. In the affidavit, DHS special agent Gershon Ross also reported that during the course of his investigation, he found a picture on Sohaib Akhter's Facebook page of him posing with a boarding pass - with his name visible - that traced back to a flight that was booked using a credit card that had been stolen from a customer of Shea Terra Organics.
Ross said in the affidavit that Muneeb Akhter told him in a June 2014 interview - and in a sworn, written statement - that he had "created a computer code that allowed him to add funds to gift cards produced by companies including K-Mart, Shell Gasoline, Whole Foods, Starbucks and Dunkin Donuts ... without having to expend any actual funds." But according to the indictment, the supposed gift-card hack was fake. "The computer code did not exist and was simply a cover for his fraudulent use of stolen credit card numbers," the indictment states.
The indictment also alleges that Muneeb Akhter provided false statements when completing a Questionnaire for National Security Positions, which is administered by the U.S. Office of Personnel Management, by stating that he had not illegally accessed any IT system within the past seven years. He also failed to list his employment at General Dynamics, as required, or to reveal that he had been fired from that job.