The call took place at the end of the day, wrapping up at 4:50 pm. Five minutes later, Sohaib was already trying to access his (now former) employer’s network—but found that his VPN access and Windows account were terminated.

Muneeb’s account had been overlooked, however, and he immediately embarked on a campaign of destruction.

At 4:56 pm, Muneeb accessed a US government database that his company maintained. He “issued commands to prevent other users from connecting or making changes to the database, and then issued a command to delete the database,” the government said.

At 4:58 pm, he wiped out a Department of Homeland Security database using the command “DROP DATABASE dhsproddb.”

At 4:59 pm, he asked an AI tool, “How do i clear system logs from SQL servers after deleting databases?” He later asked, “How do you clear all event and application logs from Microsoft windows server 2012?”

In the space of a single hour, Muneeb deleted around 96 databases with US government information. He downloaded 1,805 files belonging to the EEOC and stashed them on a USB drive, then grabbed federal tax information for at least 450 people.