Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Britain's Largest Cybercrime Conviction: The Sentence Imposed on Scattered Spider Duo for Transport for London Attack



The British justice system has handed down sentences to the individuals responsible for what was described as one of the most significant cybercrime incidents in UK history, with Owen Flowers and Thalha Jubair receiving five and a half years in prison each for their roles in the 2024 attack on Transport for London. The case highlights the complexities and challenges associated with investigating and prosecuting cybercrime offenses.

  • Owen Flowers and Thalha Jubair, members of Scattered Spider, have been convicted and sentenced to 5.5 years in prison each for their roles in the 2024 Transport for London (TfL) cyberattack.
  • The attack resulted in significant financial harm and disruption to critical infrastructure, with minimal disruptions to the transport network itself.
  • Flowers, aged 16 at the time of the attack, had a history of lower-level computer offenses before his involvement in TfL; Jubair, 20 years old, had an extensive history of cybercrime dating back to his teenage years.
  • The investigation was led by the National Crime Agency (NCA), with assistance from other UK law enforcement agencies and international partners.
  • Forensic analysis of an Acer laptop owned by Flowers played a significant role in securing the convictions, revealing evidence of remote infrastructure access and cryptocurrency account activity.
  • The sentencing marks the culmination of nearly two years of investigation into the TfL attack, highlighting the importance of addressing gaps in existing laws governing cybercrime.


  • The British justice system has finally closed a chapter that had been pending for nearly two years, handing down sentences to the individuals responsible for what was described as one of the most significant cybercrime incidents in UK history. Owen Flowers and Thalha Jubair, both members of the loosely connected group known as Scattered Spider, have been convicted and sentenced to five and a half years in prison each for their roles in the 2024 attack on Transport for London (TfL).

    The attack, which was carried out by Flowers and Jubair, resulted in significant financial harm and disruption to critical infrastructure. The pair gained access to TfL's network, elevated their privileges, and accessed key internal systems containing sensitive information. While there were minimal disruptions to the transport network itself, several services suffered from account logins, customer portals, and third-party apps reliant on TfL data being unavailable.

    Flowers, who was just 16 years old at the time of the attack, had a history of committing lower-level computer offenses before his involvement in the TfL incident. Despite having received training and advice on Computer Misuse Act (CMA) offenses, he continued to reoffend, culminating in the breach of bail conditions twice.

    On the other hand, Jubair, who was 20 years old at the time of the attack, had a more extensive history of cybercrime dating back to his teenage years. The young man had been arrested multiple times for various offenses before being linked to Scattered Spider's activities. Following his arrest in February 2021, officials discovered that he had accessed TfL's systems as far back as 2022.

    The investigation into the attack was led by the National Crime Agency (NCA), with assistance from other UK law enforcement agencies and international partners. The NCA worked closely with Transport for London to gather evidence and bring Flowers and Jubair to justice, utilizing complex techniques to gather and analyze digital evidence.

    One critical piece of evidence that played a significant role in securing the convictions was an Acer laptop owned by Flowers. Forensic analysis revealed that Flowers had accessed remote infrastructure and virtual machines used to carry out the TfL attack. Furthermore, officers found videos and screenshots produced by Flowers depicting the attack in progress, as well as a cryptocurrency account tied to the pair's activities.

    The sentencing has been hailed as a significant victory for law enforcement efforts in combating cybercrime. Deputy Director Paul Foster of the NCA praised the close collaboration between the agency, Transport for London, and other partners, stating that without this engagement, it is unlikely the convictions would have been secured.

    Flowers and Jubair were both diagnosed with autism, which was acknowledged by Mr Justice Turner during sentencing. The judge noted that while their immaturity should have led to leniency, the sophisticated nature of the attack and the pair's intentions must be taken into account. The sentence served as a reminder of the seriousness of cybercrime offenses.

    The convictions also underscore the importance of addressing gaps in existing laws governing cybercrime. Deputy Director Foster emphasized the need for more effective tools, such as proposed Cyber Crime Risk Orders, to prevent reoffending and protect the public from future attacks. While such measures have yet to be implemented, officials remain optimistic that they will play a crucial role in preventing similar incidents in the future.

    The sentencing marks the culmination of nearly two years of investigation into the TfL attack, one of the most significant cybercrime cases in UK history. The case serves as a stark reminder of the ever-evolving nature of cyber threats and the importance of vigilance and cooperation between law enforcement agencies to combat these challenges.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Britains-Largest-Cybercrime-Conviction-The-Sentence-Imposed-on-Scattered-Spider-Duo-for-Transport-for-London-Attack-ehn.shtml

  • https://www.theregister.com/cyber-crime/2026/07/16/brit-scattered-spider-duo-handed-tickets-to-prison-over-transport-for-london-attack/5272446


  • Published: Thu Jul 16 09:44:40 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us