Police in the United Kingdom said Thursday that the imprisonment of two hackers has “severely” hampered the activities of the infamous cybercrime group known as Scattered Spider. Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to hacking Transport for London (TfL), the government body that oversees the UK capital’s public transport
Police in the United Kingdom said Thursday that the imprisonment of two hackers has “severely” hampered the activities of the infamous cybercrime group known as Scattered Spider.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to hacking Transport for London (TfL), the government body that oversees the UK capital’s public transport system, in 2024. The two were sentenced to five years and six months in prison on Thursday.
The imprisonment of Flowers and Jubair is a reminder that sometimes the most dangerous and effective hackers don’t work for sophisticated government agencies with millions of dollars in budgets. More often, they are very young and intelligent hackers motivated by money and infamy among their peers.
Groups like Scattered Spider, as well as ShinyHunters, another cybercriminal collective, often attack and exploit employees and individuals rather than computer systems, a strategy that is both effective and difficult to counter.
While members of hacker groups tend to come and go, the groups themselves can change names. But British authorities are convinced that the jailing of Flowers and Jubair represents a significant blow to Scattered Spider, an amorphous group that has been linked to dozens of high-profile attacks, such as those against casino giant MGM, airline WestJet and cybersecurity firm Okta. These attacks, in turn, gave the hackers access to several of these companies’ customers.
“Scattered Spider has been the most significant cybercrime threat to the UK in recent years. Through this investigation, we have seriously disrupted that threat and brought key offenders to justice,” said Paul Foster, head of the National Cybercrime Unit at the UK National Crime Agency.
The two hackers were behind the cyberattack on TfL in the summer of 2024, which took the system’s infrastructure offline, including the ticketing system and the real-time online train arrival reporting system. The riots lasted for weeks.
Flowers and Jubair were arrested a year later. At the time, the FBI accused Jubair of being involved in attacks on more than 120 companies using social engineering tactics.
Authorities said the attack on TfL resulted in losses of around £29 million (around $47 million). The two hackers had such deep access to TfL’s systems that they “could have shut down and shut down TfL entirely” and had “the keys to the kingdom” to the company’s systems, according to The Guardian.
When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.
Check back often for more exciting news!















