British police said on Thursday that the jailing of two hackers has “severely” hampered the activities of the notorious cyber crime group known as Scattered Spider.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to breaching Transport of London (TfL), the government body that oversees the UK capital’s public transport system, in 2024. The pair were jailed for five years and six months on Thursday.
The jailing of Flowers and Jubair is a reminder that sometimes the most dangerous and effective hackers don’t work for sophisticated government agencies with million-dollar budgets. Most of the time, they are probably very young and smart hackers motivated by money and notoriety among their peers.
Groups like Scattered Spider, as well as ShinyHunters, another cybercriminal group, often target and exploit employees and individuals rather than computer systems, a strategy that is both effective and difficult to counter.
While members of hacking groups tend to come and go, the groups themselves can rebrand. But British authorities are convinced that the jailing of Flowers and Jubair represents a major blow to Scattered Spider, a shadowy group that has been linked to dozens of high-profile attacks, including those against casino giant MGM, airline WestJet and cybersecurity firm Okta. These attacks in turn gave the hackers access to several of these companies’ customers.
“The Scattered Spider has been the UK’s most significant cybercrime threat in recent years. Through this investigation, we have seriously disrupted this threat and brought the key offenders to justice,” said Paul Foster, head of the UK’s National Crime Agency’s National Cybercrime Unit.
The two hackers were behind the cyber attack against TfL in the summer of 2024, which took the system’s infrastructure offline, including its ticketing system and online real-time train arrival information system. The disturbances lasted for weeks.
Flowers and Jubair were arrested a year later. At the time, the FBI accused Jubair of participating in attacks on more than 120 companies using social engineering tactics.
Authorities said the attack against TfL resulted in losses of around 29 million pounds (about $47 million). The two hackers had such deep access to TfL systems that they “could have shut down and shut down TfL completely” and held “the keys to the kingdom” in the company’s systems. according to the Guardian.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
