Two young men have each been sentenced to five years in prison for launching a cyber attack on Transport for London (TfL) which cost tens of millions of pounds in losses and inconvenienced thousands of customers.
Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were identified by the NCA and City of London Police (CoLP) following the infiltration of TfL’s network between 31 August and 3 September 2024, says the National Crime Agency.
They both pleaded guilty to the attack last month in what was only the second criminal prosecution of its kind in the UK under the Computer Misuse Act (CMA).
Section 3ZA of the CMA is the most serious section as it applies where the unauthorised act causes or creates a significant risk of serious damage, and the person intends or is reckless as to that damage.
Jubair and Flowers, who were arrested at their home addresses on 16 September last year by the NCA and CoLP, were both leading members of the online criminal collective known as Scattered Spider.
While swift action by TfL limited the impact, a number of services relied on by the public were disrupted. These included the Dial-a-Ride booking service, which provides transport to vulnerable Londoners, the provision of concessionary travel cards, the digital payments channel and a delay to the extension of contactless ticketing.
All 27,000 of TfL’s employees were forced to attend a TfL office for a password reset and a total of 148 systems became inoperable, including critical ones that required significant manual workarounds and delays. The organisation, which reported the incident to CoLP’s Report Fraud service, suffered a reported £29 million in loss and recovery costs.
However, had the attack succeeded in shutting down the transport network the estimated cost to the UK economy could have been up to £56 billion.
Data from TfL’s Oyster refunds system was accessed and the incident also affected TfL’s customer refund system, leaving some out of pocket for much longer than usual. It also closed down the application system for Oyster photocards for children and young people.
Flowers was initially arrested for the TfL attack on 6 September 2024, at which point he was found to be in the process of hacking the systems of US healthcare companies SSM Health Care Corporation and Sutter Health, which had been infiltrated and damaged.
Investigators found a number of devices at his home including laptops, computer towers, hard drives and USB sticks.
One laptop contained a screen shot showing network connectivity to TfL infrastructure.
The laptop also contained a number of videos that Flowers had recorded, showing Jubair accessing TfL systems during the attack. The pair were messaging each other over Telegram at the same time and also communicated via an online tool where multiple participants can work remotely in a common workspace.
Following his initial arrest, Flowers was arrested again for a bail breach relating to non-compliance with conditions concerning his device usage.
Jubair was also charged for failing to disclose the pin or passwords for devices seized from him.
Both individuals changed their pleas to guilty on the day they were due to stand trial at Woolwich Crown Court. At the same court yesterday Flowers and Jubair were each sentenced to five years and six months imprisonment.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said:
“This is the largest cyber crime prosecution ever brought before the UK courts and the culmination of nearly two years of painstaking work by the NCA, CPS and our policing partners.
“Scattered Spider has been the most significant cybercrime threat to the UK in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice.
“The attack on Transport for London caused significant financial harm and disruption to a vital part of the UK’s critical infrastructure. These convictions would likely not have been possible had Transport for London not engaged with law enforcement early, so I would urge any other organisation to please do the same in such circumstances.
“We will continue working with partners in the UK and overseas to identify offenders and bring them to justice.”
(Picture: Yay Images)



















