Teen hackers who live streamed cyber-attack on TfL jailed

Teenage Cybercriminals Face Prison After Live-Streaming Transport for London Attack

Teen hackers who live streamed cyber – Two young men who orchestrated a devastating cyber-attack on Transport for London during their teenage years have each received sentences of five years and six months behind bars. The pair, identified as Owen Flowers from Walsall and Thalha Jubair from east London, entered guilty pleas in June regarding their involvement in the 2024 breach that brought significant disruption to London’s transport network.

Both defendants were characterized by the court as socially isolated individuals deeply engrossed in computing. They executed their operation as members of a loosely organized cybercrime group called Scattered Spider, which has gained notoriety for targeting major organizations across multiple countries.

The Live-Streamed Breach

The attack, which unfolded over a sixteen-hour period, was broadcast live to viewers online. Woolwich Crown Court was informed that the criminals deliberately chose to stream their activities, showcasing their confidence and technical prowess. The breach began at 1700 hours on August 31, with Flowers being seventeen and Jubair eighteen at the time of the intrusion.

Telegram communications between the two revealed their excitement as they secured entry into TfL’s database containing information about Oyster card holders. The teenagers subsequently combed through the records seeking personal information about well-known London figures, and made attempts to access financial account details as well.

“Scattered Spider is creating webs on the London Underground,” Flowers would later joke — referring to the loosely coordinated group of young English-speaking hackers.

Widespread Impact on London

The consequences of the attack rippled across the entire organization. Online services experienced disruptions lasting several months, while the personal information of millions of individuals was compromised. All twenty-seven thousand TfL employees were required to manually reset their passwords, creating substantial operational challenges.

See also  Manchester born and bred, but moving to Israel

Fourteen separate technology systems were rendered non-functional, severely affecting services such as Dial-a-ride, which serves disabled and vulnerable residents throughout the capital. TfL officials noted that the situation could have escalated further had their information technology team not acted decisively to log out all staff members and ultimately disconnect the organization’s systems from the internet entirely.

The financial toll on the transport authority was substantial. TfL estimates the incident cost twenty-nine million pounds, a figure revised downward from an initial thirty-nine million pound assessment.

How the Hackers Gained Access

Both Flowers and Jubair, who have autism, exploited a vulnerability in TfL’s security protocols by deceiving a telephone help desk employee. Through social engineering, they convinced the worker to reset the password for an employee account they were impersonating, thereby gaining entry to the system.

The National Crime Agency alerted TfL to the unauthorized access, prompting the organization to begin removing the intruders. However, the criminals had already extracted data belonging to millions of people before being fully expelled from the network.

According to BBC reporting, the compromised database continues to circulate among criminal networks and holds information for up to ten million TfL customers. The initial data theft commenced on a Saturday evening, a strategic choice designed to minimize the likelihood of detection by staff members.

Background and Motives

Woolwich Crown Court heard that both defendants were solitary individuals with limited offline social connections, spending the majority of their time online without supervision. Flowers, in particular, was described as rarely leaving his home and dedicating most of his days to computer activities in his bedroom.

See also  Watch: What we know about newly discovered monkey species

Flowers had previously received a cease and desist order in October 2023 for minor cyber offenses, shortly after his sixteenth birthday. He was eventually apprehended in September 2024 in connection with the TfL incident. Arrest footage captured Flowers laughing as officers took him into custody.

During the raid, investigators discovered Flowers actively hacking two American healthcare organizations. Messages he had sent revealed he was joking about the potential for his attacks to “kill a 90-year-old on life support.” He subsequently pleaded guilty to charges related to those incidents alongside the London transport breach.

Police confiscated cryptocurrency assets valued at approximately one million pounds. Despite Flowers and Jubair accumulating millions in stolen or ransomed digital currency, authorities believe their primary motivation was achieving online fame rather than monetary profit.

Jubair, a single child who received his first laptop at age ten from parents who relocated to London from Bangladesh, had been known to law enforcement for several years. He began learning programming early and started interacting with criminals online by thirteen. His first arrest occurred in February 2021 when he was fourteen, and he received a Youth Rehabilitation Order in 2023 while still classified as a juvenile.

The National Crime Agency has identified the growing presence of young hackers in the United Kingdom as one of the most significant threats to the nation’s digital security infrastructure. Scattered Spider has been connected to numerous additional cyber-attacks targeting major retailers including Marks and Spencer and the Co-op, with arrests of young men and boys linked to the group occurring across the UK, United States, and Finland over the past two years.

See also  Met chief defends knife attack officers after Greens criticism