The Evolution of the Insider Threat: Why ‘Nuclear’ Retaliation is the New Security Nightmare
The recent case of the Akhter twins—who managed to wipe 96 government databases mere minutes after their termination—is a wake-up call for every CTO and CISO globally. It highlights a terrifying reality: the most dangerous threat to an organization isn’t always a sophisticated hacker in a distant country, but the person sitting in the cubicle next to you.
As we move further into the era of hyper-connectivity and cloud-based infrastructure, the “disgruntled employee” trope has evolved. We are seeing a shift from simple data theft to “nuclear” retaliation—the intentional destruction of critical infrastructure to inflict maximum damage.
The Fatal Flaw: The ‘Forgotten Account’ Syndrome
In the Akhter case, a single oversight—forgetting to deactivate one employee’s account while blocking the other—provided the window of opportunity. This is a systemic failure in offboarding processes that plagues thousands of companies.

Future security trends are moving away from manual checklists toward Automated Identity Lifecycle Management. In this model, a termination trigger in the HR system (like Workday or BambooHR) automatically kills all active sessions and revokes access across every integrated platform simultaneously.
Without this synchronization, “ghost accounts” remain active, serving as open doors for former employees who know exactly where the “self-destruct” button is located. For more on securing your perimeter, see our guide on Identity and Access Management (IAM).
The Shift Toward Zero Trust Architecture
For years, corporate security operated on a “castle and moat” strategy: once you were inside the network, you were trusted. The ability of two individuals to delete nearly 100 databases suggests a catastrophic lack of Privileged Access Management (PAM).
The industry is now pivoting toward a Zero Trust Architecture. The core philosophy is simple: “Never trust, always verify.” In a Zero Trust environment, no user has permanent administrative rights. Instead, they use Just-In-Time (JIT) Access.
Under JIT, an engineer only gains the permission to modify a database for a specific window of time and for a specific ticketed task. Once the task is complete, the permission vanishes. Had this been in place, the Akhters would have had no “standing” privileges to execute a mass deletion command after their firing.
The Vetting Paradox: Second Chances vs. National Security
The fact that individuals with prior cybercrime convictions were hired to manage sensitive federal data points to a breakdown in the vetting process. However, this creates a complex ethical and professional paradox: the tech industry often relies on “reformed” hackers because they possess the deepest understanding of how systems are broken.
Going forward, we expect to see Continuous Vetting replace the one-time background check. Instead of a snapshot of a person’s past, companies will use AI-driven monitoring to flag “behavioral indicators” of risk in real-time—such as unusual data access patterns or attempts to bypass security protocols—long before a termination event occurs.
AI-Driven Anomaly Detection: The New First Line of Defense
Manual monitoring cannot keep up with the speed of a script. The Akhters didn’t delete 96 databases one by one; they likely used automation. To counter this, the next generation of security tools is leveraging User and Entity Behavior Analytics (UEBA).
UEBA establishes a “baseline” of normal behavior for every employee. If a user who typically accesses three tables a day suddenly attempts to drop 96 databases in five minutes, the AI doesn’t just alert a human—it automatically freezes the account in milliseconds.
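The baseline-and-freeze logic described above can be sketched as a sliding-window detector. This is an added example, not code from the article or from any UEBA product; the log format, user names, statement list and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
DESTRUCTIVE = ("DROP DATABASE", "DROP TABLE", "TRUNCATE")  # assumed statement set

def detect_bursts(events, baseline, floor=3, factor=5):
    """Return {user: timestamp of the statement that should trigger a freeze}.

    events   -- (iso_timestamp, user, sql) tuples sorted by time
    baseline -- user -> usual number of destructive statements per WINDOW
    """
    recent = defaultdict(deque)   # user -> times of destructive statements in WINDOW
    frozen = {}
    for ts, user, sql in events:
        if user in frozen or not sql.lstrip().upper().startswith(DESTRUCTIVE):
            continue
        now = datetime.fromisoformat(ts)
        window = recent[user]
        window.append(now)
        while now - window[0] > WINDOW:   # slide the window forward
            window.popleft()
        # A small floor lets a user with a zero baseline still do routine cleanup.
        limit = max(floor, factor * baseline.get(user, 0))
        if len(window) > limit:
            frozen[user] = ts
    return frozen

def sample_events():
    """Constructed audit log: one account drops 96 databases in under five minutes."""
    start = datetime(2025, 1, 6, 17, 0, 0)
    events = [((start + timedelta(seconds=3 * i)).isoformat(), "user_a",
               f"DROP DATABASE db_{i:02d}") for i in range(96)]
    events.append((start.isoformat(), "user_a", "SELECT * FROM tickets"))
    events.append((start.isoformat(), "user_b", "drop table staging_tmp"))
    events.append(((start + timedelta(hours=1)).isoformat(), "user_b",
                   "DROP TABLE staging_tmp2"))
    return sorted(events)

if __name__ == "__main__":
    for user, ts in detect_bursts(sample_events(), {"user_a": 0, "user_b": 1}).items():
        print(f"freeze {user}: threshold crossed at {ts}")
```

With these assumed thresholds the freeze decision lands on the fourth drop, so the remaining 92 statements would be blocked if the decision is wired to session revocation.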
For a deeper dive into how AI is changing the landscape, check out the Cybersecurity & Infrastructure Security Agency (CISA) guidelines on mitigating insider risks.
Frequently Asked Questions
The most effective method is a combination of Zero Trust (eliminating standing privileges) and immutable backups. If your backups are “write-once, read-many” (WORM), a disgruntled employee can delete the live database, but they cannot delete the recovery point.
Q: Is Zero Trust expensive to implement?
While it requires an initial investment in tooling and a shift in culture, the cost is negligible compared to the legal fees, reputational damage, and operational downtime resulting from a massive data loss event.
Q: Should companies stop hiring people with criminal records in tech?
Not necessarily. Many skilled professionals have a past. The key is not the history, but the controls. If you hire a high-risk individual, you simply apply stricter PAM and UEBA monitoring to their account.
