UK authorities report that the detention of two adolescent hackers has interrupted the activities of a notorious hacking organization.

UK authorities report that the detention of two adolescent hackers has interrupted the activities of a notorious hacking organization.

On Thursday, police in the U.K. announced that the imprisonment of two hackers has significantly hindered the operations of the notorious cybercrime group known as Scattered Spider.

Owen Flowers, 18, and Thalha Jubair, 20, admitted guilt earlier this year for hacking Transport of London (TfL), the government entity managing the public transit system of the U.K. capital, in 2024. They received sentences of five years and six months in prison on Thursday. 

The incarceration of Flowers and Jubair serves as a reminder that often the most dangerous and proficient hackers are not employed by advanced government organizations with substantial budgets. Instead, they frequently comprise young and intelligent individuals driven by financial gain and notoriety among their peers.

Groups like Scattered Spider and ShinyHunters, another criminal network, typically focus on targeting and manipulating individuals and employees rather than solely compromising computer systems, a tactic that proves both effective and challenging to combat.

While members of hacking groups may fluctuate, the entities themselves can rebrand. However, U.K. authorities believe the imprisonment of Flowers and Jubair constitutes a major setback for Scattered Spider, a fluid organization tied to numerous notable attacks, including those against the casino giant MGM, airline WestJet, and cybersecurity company Okta. These breaches subsequently provided the hackers access to many customers of these firms. 

“Scattered Spider has posed the most considerable cybercrime risk to the U.K. in recent times. This investigation has significantly undermined that risk and brought important perpetrators to justice,” remarked Paul Foster, head of the U.K. National Crime Agency’s National Cyber Crime Unit. 

The two hackers executed the cyberattack against TfL in the summer of 2024, resulting in the shutdown of the system’s infrastructure, including the ticketing system and the online real-time train arrival information. The disruptions persisted for several weeks.

Flowers and Jubair were apprehended a year later. At the time, the FBI accused Jubair of engaging in attacks on over 120 companies employing social engineering techniques. 

Authorities stated that the attack on TfL led to losses estimated at approximately £29 million (around $47 million). The hackers gained such extensive access to TfL’s systems that they “could have completely locked out and disabled TfL,” holding “the keys to the kingdom” to the company’s infrastructure, according to The Guardian.

When you buy via links in our articles, we may earn a modest commission. This does not influence our editorial independence.

Leave a Reply