News

Teens who hacked TfL were known to police years before cyber-attack

Table of Contents
  1. Teens who hacked TfL were known to police years before cyber-attack
  2. Theft and Ties to a Notorious Hackers’ Collective

Teens who hacked TfL were known to police years before cyber-attack

Teens who hacked TfL were known – Two teenagers implicated in a 2024 cyber-attack that disrupted Transport for London (TfL) operations had been under police surveillance for years prior to their crimes, according to a BBC investigation. Owen Flowers, 18, from Walsall, and Thalha Jubair, 20, from east London, were found guilty of launching a ransomware campaign that crippled TfL’s systems for months, exposing the sensitive data of millions of passengers and requiring all 28,000 employees to manually reset their passwords. The case has sparked renewed debate about the role of youth in cybercrime and the effectiveness of early intervention strategies.

Theft and Ties to a Notorious Hackers’ Collective

The BBC’s findings revealed that Flowers and Jubair were not first-time offenders. Flowers, who had been living with his grandmother, was initially flagged by the West Midlands Regional Cyber Crime Unit in October 2023 for a series of minor cyber incidents. During a routine check, authorities issued him a cease-and-desist order, but he showed little willingness to cooperate. This lack of engagement led to his exclusion from the Cyber Choices programme, a national initiative aimed at guiding young hackers toward productive paths. Jubair, meanwhile, had a more extensive criminal history, with 22 convictions dating back to his teenage years, including a 2023 Youth Rehabilitation Order for offenses tied to the Lapsus$ hacking group. This group, known for targeting major corporations such as Nvidia and BT/EE, was central to Jubair’s early cyber activities.

Both individuals are now wanted in the United States for alleged cybercrimes involving over $87 million in stolen and extorted funds. Their actions, which included a coordinated ransomware attack on TfL, have highlighted the growing threat posed by young hackers who operate with minimal oversight. The National Crime Agency (NCA) has pointed to the case as evidence that even seemingly minor cyber incidents can escalate into large-scale disruptions, underscoring the need for more proactive measures.

Scattered Spider: A Gang of Digital Activists

Flowers and Jubair were part of the Scattered Spider, a loosely organized group of English-speaking hackers who have been linked to multiple high-profile breaches. This collective has targeted organizations ranging from supermarkets to telecommunications firms, often exploiting vulnerabilities in their digital infrastructure. The NCA has emphasized that the TfL case is just one example of the group’s capabilities and that their activities demonstrate a pattern of calculated attacks. Deputy Director Paul Foster of the National Cyber Crime Unit remarked that such cases highlight the importance of early identification and intervention, particularly for individuals who may be developing expertise in cybercrime before they reach their teenage years.

Flowers, who was arrested on 16 September 2024, days after the TfL breach began on 31 August, was found in possession of cryptocurrency worth millions of pounds. His home was raided, and investigators uncovered multiple devices used to execute the attack, including laptops, hard drives, and USB sticks. Jubair’s involvement in the Lapsus$ group suggests a more established network, with evidence pointing to his participation in cyber operations that spanned years. The case has raised questions about the adequacy of current monitoring systems and the need for enhanced legal frameworks to address emerging threats.

As the trial of Flowers and Jubair approaches, experts have weighed in on the broader implications of their actions. A witness who testified in Jubair’s earlier case with the Lapsus$ group noted that young hackers often underestimate the real-world consequences of their work. “You have people who have already demonstrated a pattern of serious offenses,” the expert said, reinforcing the argument that stricter deterrents are essential to prevent future attacks. The NCA’s proposed Cyber Crime Risk Orders (CCROs) aim to address this issue by allowing authorities to impose restrictions on individuals deemed high-risk before they commit major crimes.

The TfL breach serves as a cautionary tale for cybersecurity professionals and policymakers. With the global cost of cybercrime projected to reach $10.5 trillion annually by 2025, incidents involving young hackers are becoming increasingly common. The case also illustrates the challenges of tracing digital footprints and holding offenders accountable, especially when they operate from remote locations or across international borders. As the legal process unfolds, the public will be watching closely to see how the UK’s approach to cybercrime evolves in response to such incidents.

Leave a Comment