Two Britons plead guilty to £39m 2024 cyber-attack on Transport for London
Two British cybercriminals, Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty at Woolwich crown court to a 2024 cyber-attack on Transport for London (TfL). According to prosecutors, the attack, part of an operation by the hacking group known as Scattered Spider, cost TfL £39 million and affected 10 million customers.
How did the TfL cyber-attack impact passengers?
The attack disrupted essential transit services, including live tube arrival information on the TfL website and the TfL Go app. According to the National Crime Agency (NCA), the hackers accessed the refunds system, which left some customers waiting longer than usual for their money.

TfL was also unable to process payments via contactless or Oyster apps, and the application system for children’s Oyster photocards was shut down. The organization emailed more than 7 million customers in September 2024 to warn them that some data may have been taken, while the BBC reported that 10 million customers had their data stolen.
Who are the hackers behind the Scattered Spider group?
Thalha Jubair, of Bow, east London, and Owen Flowers, of Walsall, West Midlands, admitted to conspiring to commit unauthorized acts against TfL systems. The NCA believes they are part of Scattered Spider, an online hacking community suspected of multiple attacks in recent years.

Investigators found laptops, USB sticks, and hard drives at Flowers’ home. One laptop contained a screenshot of network connectivity to TfL infrastructure and videos recorded by Flowers showing Jubair accessing the systems. The pair communicated using the Telegram messaging platform and a remote collaboration tool.
Flowers also admitted to hacking SSM Health Care Corporation and attempting to hack Sutter Health in the US around September 6, 2024. Separately, the US Department of Justice has accused Jubair of targeting 47 US organizations, which allegedly resulted in more than $100 million (£75 million) in ransom payments.
Why does this attack signify a growing threat?
Paul Foster, head of the NCA’s national cyber crime unit, stated the incident underlines the rising threat from English-speaking hackers based in the UK and other similar countries. He noted that high-profile hacks were typically carried out by Russian-speaking assailants or those from the former Soviet Union.
Foster added that the damage to TfL proves cybercrime has “real-world consequences” for the public. Prosecutors told Westminster magistrates court that the attack caused a “loss of livelihood” for individuals dependent on TfL licenses.
What happens next for the defendants?
Mr Justice Turner remanded both Jubair and Flowers in custody. A two-day sentencing hearing is scheduled for July 15.

While the pair pleaded guilty to the TfL charges, Flowers denied two additional hacking charges. Those charges were ordered to lie on file and could potentially be addressed in future legal proceedings.
Frequently Asked Questions
How much did the TfL cyber-attack cost?
Prosecutors stated the attack resulted in a £39 million loss for Transport for London.
Which hacking group was responsible for the attack?
The National Crime Agency believes the attack was carried out by an online hacking community known as Scattered Spider.
What specific TfL services were disrupted?
The attack blocked live tube arrivals on the website and app, stopped Oyster and contactless app payments, hindered Oyster card registrations, and shut down the Oyster photocard application system for young people.