A young Fairfax County computer whiz is the target of a federal probe after he boasted to a co-worker that he'd figured out how to add value to prepaid gift cards without paying for it.
Muneeb Akhter was just 19 when he and his twin brother graduated from George Mason University and were featured in a Washington Post story. He earned a Master's in computer engineering and conducted cyber security research for DARPA, the Defense Advanced Research Projects Agency.
"My mission is just to see where the loopholes are, where to expose them and probably develop solutions to counter them," Akhter explained just a day after federal agents raided the Springfield-area home where he lives with his grandmother.
Akhter's mission has now landed him deep trouble.
A search warrant affidavit filed by a Department of Homeland Security special agent shows Akhter is now being investigated for computer fraud.
The agent writes in his affidavit:
A sworn signed statement was obtained from the subject, Muneeb Akhter. In the signed sworn statement, subject admitted to creating computer codes on his personal notebook computer to gain unlawful access to multiple e-commerce sites, including Shell Gas, Whole Foods, K-Mark, Starbucks and Dunkin Donuts. Akhter has used his codes to trick the e-commerce systems into adding funds to gifts cards he has possession of without actually expending any money to do so. He admitted to using his program to add funds to other individuals' gift cards without the need to actually expend funds.
Akhter said he landed a cyber security job last month and began work in late June. He said he couldn't resist boasting to a colleague about code he'd created that enabled him to take an ordinary $25 pre-paid gift card and add value to it.
"I told my co-worker I used to own my own company and we were doing attacks against smart cards, gift cards and those things," Akhter said. "I had a few gift cards with me and I showed him the gift cards and said 'I know how to reload them for free.'"
Akhter said he was able to load a Sears card with at least $500, a K-Mart card with $495, a Whole Foods card with $300 and a Starbucks card with $100. Akhter said he never actually used the monetary value he added to the card.
After he bragged about his capabilities, Akhter said his co-worker immediately told a manager and a Homeland Security agent questioned him. Akhter said his badge and parking pass were revoked, but the agent initially told him he was being considered for a higher position.
"We're interested in your skill set. We need you for this high level position but I need to know exactly what you did," Akhter remembered the agent saying.
Akhter said July 17, Homeland Security and Secret Service agents came to his home and again asked him about the code he'd developed. He didn't realize he was under investigation until July 24 when agents knocked on the door of his home and presented a Fairfax County search warrant.
He said an 11-person team scoured his house, seizing computers, phones and other electronics.
Akhter said he's not alarmed by what could be ahead.
"I've heard stories of a lot of other hackers who have had similar experiences so I don't think it's a big deal," Akhter said. "They should be more worried about what the tool can do if a malicious actor took it."
Now, Akhter waits to see what investigators determine. He has hired an attorney, A. Charles Dean, who declined comment on the case.
Akhter calls his gift-card experiment "cyber research." He said he'd planned to use his own company -- Warden Systems -- to approach retailers with a proposed fix.
"I'm a researcher," Akhter said. "I've been researching the field for a long time and a lot of my work shows it... I'm not a malicious guy," Akhter said.
Akhter has not been charged with any crime.