The two hackers, Thalha Jubair, 20, and Owen Flowers, 18, were arrested last year in their homes by London Police and the UK National Crime Agency (NCA) for their alleged participation in a hack of Transport for London (TFL).
Flowers had also been arrested in September 2024 for alleged breaches of the Computer Misuse Act.
The hack, which was disclosed on 2 September 2024, resulted in limited system access and exposed commuter data, stunting transport operations in the city. Both were identified as having been involved in other cyber attacks, according to the NCA. Both were identified as members of the online cyber crime collective, Scattered Spider.
The two reportedly breached TfL’s Oyster refunds system, closing down applications for Oyster photocards for children and young people and compromising data.
An investigation of Flowers’ home after his initial arrest found USB sticks, hard drives, tower computers and laptops, one of which contained a screenshot of network connectivity to TfL infrastructure. It also showed videos revealing that Jubair had accessed TfL systems during the attack, as well as messages between the two on Telegram and on an online remote workspace tool.
While the two were set to stand trial on 22 June at Woolwich Crown Court, they changed their pleas to guilty on day one of proceedings. They are set to be sentenced on 16 July.
“Cyber crime may appear faceless and distant compared to other crime types, but the infiltration of TfL’s systems shows it has real-world consequences and impacts hugely on the public,” said the head of the NCA’s National Cyber Crime Unit deputy director Paul Foster.
“The attack caused millions of pounds in losses to a key part of the UK’s critical national infrastructure, and was a significant inconvenience for customers.
“Today’s result would not have been possible if TfL had not engaged with law enforcement early, so I would urge any other organisation to please do the same in such circumstances.
“The profile of offenders like Flowers and Jubair demonstrates the increasing threat from cyber criminals based in the UK and other English-speaking countries, epitomised by Scattered Spider.”
Nik Adams, Deputy Commissioner of the City of London Police, also outlined the damage caused by the incident.
“The cyber attack on Transport for London had a significant and far-reaching impact, causing major disruption and affecting the day-to-day operations of essential public services. Those who target critical organisations, cause substantial financial harm, and disrupt the daily lives of the public will not do so without consequence,” he said.
“As the national lead force for fraud and economic crime, we have been absolutely clear in our message: we will work around the clock with our partners and stakeholders to ensure the UK remains a hostile environment for cyber criminals.
“From the outset, we have worked tirelessly alongside the National Crime Agency on what has been a lengthy and highly complex investigation. Today’s outcome is the result of that close partnership, and it demonstrates the power of joint working between law enforcement agencies to pursue those who seek to undermine the systems that keep our country running.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
