U.K police said on Thursday that the jailing of two teenage hackers has “severely” hampered the activities of the infamous cybercrime group known as Scattered Spider.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to hacking Transport of London (TfL), the government body overseeing the U.K. capital’s public transit system in 2024. The two were sentenced to five years and six months in prison on Thursday.
The jailing of Flowers and Jubair is a reminder that, sometimes, the most dangerous and effective hackers don’t work for sophisticated government agencies with millions of dollars of budget. More often, they are rather very young and smart hackers motivated by money and infamy among their peers.
Groups such as Scattered Spider, as well as ShinyHunters, another cybercriminal collective, often target and exploit employees and individuals rather than computer systems, a strategy that’s both effective and hard to counter.
While hacking groups’ members tend to come and go, the groups themselves can rebrand. But British authorities are convinced the jailing of Flowers and Jubair represents a significant blow to Scattered Spider, an amorphous group that’s been linked to dozens of high-profile attacks, such as those against casino giant MGM, airline WestJet, and cybersecurity firm Okta. These attacks in turn gave the hackers access to several of these companies customers.
“Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice,” said Paul Foster, the head of the U.K. National Crime Agency’s National Cyber Crime Unit.
Two young men have been sentenced for launching a cyber attack on Transport for London (TfL) which cost tens of millions of pounds in losses and inconvenienced thousands of customers.
Thalha Jubair and Owen Flowers were identified by the NCA and @CityPolice following the attack… pic.twitter.com/ZJdmdZhXRJ — National Crime Agency (NCA) (@NCA_UK) July 16, 2026
The two hackers were behind the cyberattack against TfL in summer 2024, which took the system’s infrastructure offline, including the ticketing system, and the online real-time train arrival information system. The disruptions lasted for weeks.
... continue reading