Fired hacker twins forget to end Teams recording, capture own crimes

Perhaps you remember Muneeb and Sohaib Akhter, the 34-year-old twin brothers we profiled earlier this week. Although they had the tech chops to commit years of petty crimes (like stealing airline miles), what landed them in truly serious trouble was deleting 96 US government databases in the hour after both were fired last year by the same federal IT contractor, Opexus. (Opexus had just found out that both brothers had previously been in prison for cyberfraud.)

The pair come off less as cybercriminal masterminds than as galumphing galoots—that is to say, a pair of bumbling oafs who thought that asking AI how to cover their tracks was going to keep them out of federal prison. One of the minor mysteries I encountered while writing the piece was that the government had a verbatim transcript of everything the brothers said to each other during their hour-long deletion spree.

The two men lived together in Arlington, Virginia, so it made sense that they might be chatting in the same room rather than by text or instant message. But how the heck had the government gotten access to the audio? Supersecret software bugging? Crazy corporate spyware running on their company laptops? FBI agent in the bushes with a microphone? I couldn’t figure it out, and the answer didn’t appear in any of the court documents I read.

But a helpful source today pointed me to the answer. It is contained within a court filing that bears the unpropitious name, “UNITED STATES’ RESPONSE IN OPPOSITION TO DEFENDANT’S MOTION TO REVOKE THE DETENTION ORDER.” This is the kind of title that practically begs you not to read its contents. Yet the file turns out to be fascinating. And it reveals that our galumphing galoots were supersecretly recorded by… themselves. On accident. Because they forgot to stop recording the Teams meeting in which they were fired.

You can’t make this stuff up, folks. Here’s how prosecutors put it:

On February 18, 2025, two human resources (HR) employees of Company-1 [Opexus] scheduled a Microsoft Teams meeting with Sohaib and Muneeb. Sohaib recorded the meeting starting at 4:48pm Eastern Standard Time. The HR personnel left the meeting approximately 2 minutes and 40 seconds into the recording. Apparently unbeknownst to the defendants, the meeting continued recording the next hour of interactions between the brothers.

And what did the pair discuss? Fortunately, this obscure document gives us a much fuller picture. If you’ve ever wondered what it sounds like to be in the room while cybercriminals do their thing, it sounds something like this:

SOHAIB: “Still connected? Still on the VPN?”
SOHAIB: “Delete all their databases?”
MUNEEB: “Eh, they can recover them…backups, I’m pretty sure.”
SOHAIB: “Daily backups?”
MUNEEB: “Yup.”
SOHAIB: “What’s the plan [then]? We gonna take care of severance or are we gonna do something about…” “Should we retort to whatever they send us by saying we need $25,000 each? Hm?”

MUNEEB: “We are doing petty shit now.”
MUNEEB: “I’m going to wipe my computer clean.”
SOHAIB: “I can’t access the system but I still have the email address for their customers for eCase and FOIAXpress.”
MUNEEB and SOHAIB discuss being compensated by Company-1.

MUNEEB: “I’m not gonna threaten them shit, that’s like could be shown as some sort of …”
SOHAIB: “It depends on how you write it. Just say, ‘according to our previous agreement, this is the tally of the amount that I’ve been [paid], if you pay it up front, then I have no reason to communicate with customers.’”
MUNEEB: “I’m good.”
SOHAIB: “Whatcha working on man?”
MUNEEB: “Nothing important, man.”
SOHAIB: “Why won’t you tell me? I ain’t gonna snitch.”
MUNEEB: “Don’t need to. Don’t worry about it.”

MUNEEB: “People are logged out for the day, this is the perfect time.”
SOHAIB: “How do you still have access? When did you connect to their VPN?”
MUNEEB: “10 minutes before their stupid meeting.”
SOHAIB: “You might still have access to it until the end of the day. Until at least 6 hours.”
MUNEEB: “Don’t worry about it man. Don’t worry about it.”
SOHAIB: “I see you are cleaning out their database backups.”
MUNEEB: “Don’t worry about it. You don’t do nothing. Don’t try nothin’. They are looking at you, they are not looking at me.”

SOHAIB: “[G]oing to RDP into their systems and delete all their data.”
[inaudible]
SOHAIB: “The ramifications for that would be worse though.”
MUNEEB: “What are you talking about? I didn’t do nothing. They closed my access when they had that meeting.”
SOHAIB: “Alright, if you have good plausible deniability.”
SOHAIB and MUNEEB then have additional discussion about deleting backups and changing DNS information.

MUNEEB: “Eh, they can recover from yesterday. [The IT manager] will have some work to do.”
MUNEEB and SOHAIB discuss Company-1 customers, including Veteran’s Affairs OIG, Education Department OIG, DHS OIG, and customer data.
MUNEEB: “DHS was a big [customer].”
SOHAIB: “Just go into each of them and start the delete process. It will take its time… It will eventually delete all their files.”

MUNEEB: “Sabes, don’t say nothin’, OK, don’t worry about it.”
SOHAIB: “I ain’t sayin’ shit.”
SOHAIB: “You should have thought about it prior, man.”
MUNEEB: “What do you mean? Like had a kill script, what do you mean?”
SOHAIB: “Blackmailing them in for some money would’ve been…”
MUNEEB: “No, you do not do that. That’s proof of guilt, man.”

SOHAIB: “No but the thing was you always have your opinion, I could just communicate with their customers.”
MUNEEB: “Communicate with their customers is a different thing!”
SOHAIB: “So you’re saying these are two separate things?”
MUNEEB: “There ya go. Go say that man, go argue for that, then they’ll think you’re the one behind this shit.”
SOHAIB: “… They’re gonna probably raid this place.”
MUNEEB: “Eh, I’ll clean this shit up. I don’t got shit.”
