Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

‘Selfish Bravado’ Behind TfL Cyber-Attack, Judge Says as Pair Jailed

July 16, 2026

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

July 16, 2026

Phishing Campaign Hides Lua Loader as TrueType Font File

July 16, 2026
Facebook X (Twitter) Instagram
Thursday, July 16
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»‘Selfish Bravado’ Behind TfL Cyber-Attack, Judge Says as Pair Jailed
News

‘Selfish Bravado’ Behind TfL Cyber-Attack, Judge Says as Pair Jailed

Team-CWDBy Team-CWDJuly 16, 2026No Comments5 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Read more about the 2024 cyber-attack targeting Transport for London (TfL):

Two young men have been sentenced to five years and six months in prison each for the cyber-attack against Transport for London (TfL) after the judge found their actions were motivated in part by “selfish bravado” rather than purely financial gain.

Owen Flowers, 18, and Thalha Jubair, 20, were charged with committing unauthorised acts against TfL under the UK’s Computer Misuse Act (CMA). On June 22, 2026, they pleaded guilty to carrying out the attack in what was only the second criminal prosecution of its kind in the UK under the CMA.

The sentence was pronounced by Judge Justice Turner at Woolwich Crown Court, London, on July 16. It considers the guilty pleas for both defendants, as well as mitigating factors – such as their youth and diagnosed neurodiversity – and aggravating factors, notably the fact their “high expertise” meant they likely understood the impact of their actions.

Flowers and Jubair are believed to be part of a gang known as Scattered Spider. The group has been linked to major cyber-attacks over the past few years, including the Marks & Spencer and Co-op incidents in 2025. 

Alongside other cybercriminal orgnaizations like Lapsus$ and ShinyHunters, Scattered Spider emanated from a loose collective known as The Com.

“To access victims, groups linked to The Com “mainly use phishing, voice phishing (vishing) and SIM swapping. They have also deployed ransomware strains and demonstrate a diverse range of tactics,” said the UK’s National Crime Agency (NCA).

TfL Cyber-Attack Caused Significant Financial and Operational Impact

According to the NCA, the cyber-attack cost TfL £29m ($38m) in loss and recovery costs, with TfL claiming an additional £10m ($13.5m) in lost income.

While the incident did not directly impact the TfL transport system, it had a ripple effect on many of the company’s internal and customer-facing systems.

For instance, the perpetrators gained access to data from TfL’s Oyster refund system, leading to the company to close down applications for Oyster photocards for children and young people.

Additionally, the booking system for the Dial-a-Ride buses used by people with disabilities was shut down because of the breach and data on live tube times for mobile apps like TfL Go and CityMapper was taken offline.

Some TfL staff members were sent to work from home for the whole of September 2024 and over 27,000 employees were also required to reset their passwords in person.

In total, the hack is estimated to have affected between seven and 10 million people across the UK.

Had the attack succeeded in shutting down the transport network the estimated cost to the UK economy could have been up to £56bn ($75bn), according to the NCA.

Social Engineering and 2FA Reset

Flowers was 17 and Jubair was 18 when they gained access to TfL systems on 31 August, 2024. They maintained access to the system until September 3, 2024.

A senior NCA officer confirmed the two young men used TfL employees’ partial user credentials obtained from “well-known online criminal marketplaces and forums,” as well as other social engineering techniques to gain access to the system and request a two-factor authentication (2FA) reset.

“It took multiple attempts to successfully reset that 2FA, so they were persistent – as we know they are – and then they then worked to escalate privileges within TfL systems,” the senior NCA officer added.

Flowers and Jubair were in close contact throughout the whole operation, with Telegram messages between the pair mentioning they gained access to TfL’s database of people with Oyster cards.

The pair also streamed some of the “progress of their activity” to a live audience, said Justice Turner during the sentencing.

Flowers had a history with law enforcement prior to the TfL case. In October 2023, West Midlands Police issued him a cease and desist notice. At that time, he was offered the opportunity to undergo training and receive guidance concerning computer misuse laws, but he declined to take part.

Following his arrest and charges relating to the TfL hacking incident in 2024, Flowers was granted bail, though subject to stringent conditions. He failed to comply with these conditions on two separate occasions – once in October 2024 and again in May 2025. Additionally, he received a formal warning in March 2025.

Jubair’s contact with police also predates the TfL case, stretching back several years. Notably, in 2023, when he was still a minor, he was handed a Youth Rehabilitation Order for offences connected to Lapsus$. Reporting restrictions at the time meant his identity remained protected due to his age.

Jubair’s criminal record is extensive, comprising 22 prior convictions, with his offending beginning at just 14 years old. Beyond his UK case, he is also sought by US authorities in relation to cybercrimes allegedly involving the theft and extortion of millions of dollars from victims.

UK’s Largest Cybercrime Prosecution

Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said, “This is the largest cybercrime prosecution ever brought before the UK courts and the culmination of nearly two years of painstaking work by the NCA, Crown Prosecution Service (CPS) and our policing partners.”

“Scattered Spider has been the most significant cybercrime threat to the UK in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice,” he added.

According to the NCA, the threat from serious and organized cybercrime to the UK remains very high in 2026.

“The intent of cybercriminals impacting the UK remains consistent; while there has been a small number of attacks from UK-based individuals whose motivation includes notoriety, the vast majority of attacks are conducted by criminals based in other jurisdictions, for financial gain,” said an NCA spokesperson.

Image credit: Mounir Taha / Shutterstock.com



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleSix New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Team-CWD
  • Website

Related Posts

News

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

July 16, 2026
News

Phishing Campaign Hides Lua Loader as TrueType Font File

July 16, 2026
News

Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched

July 16, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

How the always-on generation can level up their cybersecurity game

September 11, 2025

How to tell if a voice call is AI or not

February 23, 2026

In memoriam: David Harley

November 12, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.