Police Knew TfL Hackers Before 2024 Cyberattack, Raising Prevention Questions

Key Takeaways:

  • Two young men pleaded guilty to the massive 2024 Transport for London cyberattack.
  • Owen Flowers and Thalha Jubair had histories of juvenile hacking offenses before the breach.
  • The case prompted UK officials to demand new powers to restrict high-risk repeat cyber offenders.

Two young men who admitted carrying out the 2024 Transport for London cyberattack had been known to police for years, prompting renewed scrutiny of efforts to prevent repeat cybercrime among young offenders.

The cyberattack disrupted Transport for London (TfL) services for months, exposed the personal data of millions of passengers, and forced all 28,000 employees to reset their passwords in person. Owen Flowers, 18, of Walsall, and Thalha Jubair, 20, of East London, pleaded guilty Monday to their roles in the attack and are scheduled to be sentenced July 16.

Authorities Tried to Stop Offenders Before the Attack

Investigators found that both men had been in contact with law enforcement before the Transport for London cyberattack.

Flowers first came to police attention in October 2023 after carrying out low-level cyber offenses shortly after turning 16. Officers from the West Midlands Regional Cyber Crime Unit visited him, issued a cease-and-desist warning, and considered referring him to the national Cyber Choices program, which aims to steer young people away from cybercrime.

Police decided Flowers was not suitable for the program because he was already under investigation and unwilling to cooperate. Within months, prosecutors said, he became involved with the cybercrime group Scattered Spider and participated in increasingly serious attacks that culminated in the TfL breach.

Jubair also had an extensive criminal history. In 2023, while still a juvenile, he received a Youth Rehabilitation Order for cyber offenses linked to the Lapsus$ hacking group, which targeted several major companies. Court records show he has 22 previous convictions and began offending at age 14.

Hack Caused Widespread Disruption and International Cases

Authorities arrested Flowers on Sept. 16, 2024, weeks after the Transport for London cyberattack began on Aug. 31. During searches of his home, investigators seized multiple electronic devices and reportedly discovered cryptocurrency holdings worth millions of pounds.

The National Crime Agency (NCA) said investigators also uncovered evidence linking Flowers to cyberattacks against two U.S. healthcare organizations, SSM Health and Sutter Health. He later pleaded guilty to offenses connected to those incidents and remains wanted by U.S. authorities.

Jubair is also wanted in the United States in connection with cybercrimes in which about $87 million was allegedly stolen and extorted from victims.

Both defendants were identified as members of Scattered Spider, a loosely organized group linked to multiple high-profile cyberattacks, including incidents involving major British retailers.

Officials Seek Stronger Powers to Prevent Repeat Cybercrime

NCA Deputy Director Paul Foster said the case demonstrates the need for stronger legal tools to intervene before experienced cyber offenders commit additional crimes.

He said proposed Cyber Crime Risk Orders would allow police and courts to impose restrictions on individuals considered at high risk of committing serious cyber offenses. “They would enable earlier law enforcement interventions against high-risk cybercrime offenders,” Foster said.

Cybersecurity expert Peter Sommer said the Transport for London cyberattack highlights how some repeat offenders continue committing crimes despite police scrutiny. “They don’t seem to understand the consequences, and there are real victims here,” Sommer said, noting that cyberattacks can financially devastate individuals and disrupt organizations.

During court proceedings, judges heard that both Flowers and Jubair have been diagnosed with autism. The court also heard Jubair has depression and a severe mood disorder.

The case has renewed debate over whether existing intervention programs and legal measures are sufficient to prevent young cyber offenders from escalating to large-scale attacks.
