Two young British men have pleaded guilty to orchestrating a cyberattack on Transport for London that resulted in £39 million in damages and significant operational disruption. Thalha Jubair, 20, from Tower Hamlets, and Owen Flowers, 18, from Walsall, changed their pleas at Woolwich Crown Court just before their trial was set to begin. The National Crime Agency identified both as members of Scattered Spider, a criminal hacking collective previously linked to attacks on Jaguar Land Rover, Marks and Spencer, and other major organizations.
The attack took place between August 29 and September 6, 2024, forcing TfL to reset passwords for 28,000 employees. Customer-facing services were severely impacted, with the Oyster refund system compromised, refunds delayed, and applications for children's and young people's Oyster photocards suspended. The breach affected one of the UK's most critical transportation networks, which serves millions of passengers daily.
Investigators seized multiple electronic devices from Flowers' residence, including laptops, computers, hard drives, and USB storage devices. Forensic analysis revealed a laptop containing screenshots showing active connectivity to TfL's infrastructure and evidence of accessing online marketplaces for stolen credentials. The NCA also recovered videos recorded by Flowers that showed Jubair accessing TfL systems during the attack. Communications between the two conspirators occurred through Telegram, and they collaborated using a shared online workspace.
Flowers faces additional charges related to attacks on US healthcare providers, having pleaded guilty to conspiring against SSM Health Care Corporation and attempting unauthorized access to Sutter Health systems. Jubair was charged under the Regulation of Investigatory Powers Act for refusing to disclose passwords to his devices, though this charge was left on file. The case highlights what the NCA describes as an increasing threat from English-speaking cybercriminals operating domestically.
Both defendants are scheduled for sentencing on July 15 and 16 at Woolwich Crown Court. Paul Foster, deputy director of the NCA's national cyber crime unit, emphasized that TfL's early engagement with law enforcement was critical to the investigation's success and urged other organizations to report incidents promptly. Transport Commissioner Andy Lord thanked staff and law enforcement partners while reaffirming TfL's commitment to system security and customer data protection.
Source: https://www.independent.co.uk/news/uk/crime/tfl-cyberattack-hack-thalha-jubair-owen-flowers-scattered-spider-b3000754.html