Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Infamous Scattered Spider Hackers: A Cautionary Tale of Cybercrime and Accountability




Two scattered spider hackers have been sentenced to five and a half years each for their role in the £29 million TfL hack. The duo's actions resulted in significant disruption to TfL's services and highlighted the importance of cybersecurity awareness and accountability. Read more about this shocking case and its implications for individuals and organizations.

  • TfL hackers Owen Flowers (18) and Thalha Jubair (20) were sentenced to five and a half years each for their role in the £29 million TfL hack.
  • The cyberattack left 148 TfL systems inoperable, affecting 27,000 employees and causing significant disruption to services.
  • The duo pleaded guilty to reckless endangerment of human welfare and admitted to being part of Scattered Spider, an extortion crew linked to data extortion, SIM swapping, and social engineering.
  • Experts urge increased awareness and early reporting to law enforcement to prevent similar attacks, as these convictions would not have happened without TfL's cooperation.
  • The case highlights the importance of cybersecurity awareness and accountability, with measures like Cyber Crime Risk Orders being called for to restrict individuals' devices and online services.



  • In a shocking turn of events, two scattered spider hackers, identified as Owen Flowers, 18, and Thalha Jubair, 20, have been sentenced to five and a half years each for their role in the £29 million TfL hack. This daring cyberattack, which left 148 TfL systems inoperable and forced all 27,000 of the transport authority's employees into an office to get their passwords reset in person, has sent shockwaves throughout the cybersecurity community.

    According to reports, Flowers and Jubair pleaded guilty to the charge on June 22, 2026, just days before their trial was set to commence. The pair admitted to being reckless as to whether they caused or created a significant risk of serious damage to human welfare, in accordance with Section 3ZA of the Computer Misuse Act 1990. This legislation is considered the most serious charge under the act and carries a maximum penalty of five years' imprisonment.

    The CPS has stated that Flowers and Jubair are believed to be the first hackers successfully prosecuted under Section 3ZA, with the NCA counting this case as only the second prosecution of its kind. However, the NCA notes that these two readings can sit together, one counting prosecutions brought under the section and the other counting those that ended in conviction, but neither agency explains the gap.

    The duo's actions resulted in significant disruption to TfL's services, with Dial-a-Ride, the digital payments channel, and the issuing of concessionary travel cards all affected. Furthermore, applications for Oyster photocards were closed, and refunds crawled as a result of the attack. The pair also accessed names and email addresses, along with home addresses where it held them, although it is unclear what they intended to do with this information.

    The CPS has revealed that the two hackers believed they would wipe the access on the way out, but their actions had serious consequences for the UK economy, with a successful shutdown of the network potentially costing £56 billion. However, as TfL pulled its own network down to contain the attack, the hypothetical scenario was deemed unnecessary.

    Flowers' arrest occurred just three days after the TfL intrusion ended, and investigators seized laptops, tower computers, hard drives, and USB sticks from his home. One laptop held a screenshot of network connectivity to TfL infrastructure, along with videos Flowers had recorded of Jubair moving through TfL systems during the attack.

    The pair were messaging on Telegram while the hack was underway and sharing an online workspace. Prosecutors proved that Flowers had been connected to the remote server used to launch all three intrusions, with his own devices linked to all three attacks. The information linking Jubair to TfL was obtained overseas, with help from prosecutors in their home country.

    The NCA describes both men as leading members of Scattered Spider, an extortion crew also tracked as Octo Tempest, UNC3944, and 0ktapus. While the CPS is more cautious, stating that the defendants claimed at various points to be members of a group that prosecutors believe carried out hundreds of attacks between 2022 and 2025.

    The FBI has linked the group to data extortion, SIM swapping, and social engineering. Jubair's other case remains open, with a complaint unsealed in New Jersey accusing him of computer fraud, wire fraud, and money laundering conspiracies. The allegations claim that the scheme involved roughly 120 network intrusions and at least 47 US victims between May 2022 and September 2025, with more than $115 million paid in ransoms.

    The NCA believes that the arrests have effectively halted the group's operations, citing Microsoft's assessment that the actions of Flowers and Jubair have materially degraded the group's ability to operate. However, it is acknowledged that other criminals may continue to use the Scattered Spider brand.

    In light of this case, experts are urging individuals to verify identity on password resets, device enrollment, and MFA changes, as these workflows are often exploited by cybercriminals like Flowers and Jubair. Paul Foster, who heads the NCA's National Cyber Crime Unit, is calling for increased awareness and early reporting to law enforcement, stating that these convictions would not have happened if TfL had not cooperated.

    The City of London Police has used the sentencing to lobby for a power it does not have: Cyber Crime Risk Orders. These orders would allow courts to restrict individuals' devices, online services, and technologies in proportion to the risk they pose. Commander Ollie Shaw has described these orders as a "digital prison," although this remains a contentious issue.

    The case of Flowers and Jubair serves as a stark reminder of the importance of cybersecurity awareness and accountability. As the threat landscape continues to evolve, it is essential that individuals and organizations take proactive measures to protect themselves from cyber threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Infamous-Scattered-Spider-Hackers-A-Cautionary-Tale-of-Cybercrime-and-Accountability-ehn.shtml

  • https://thehackernews.com/2026/07/two-scattered-spider-hackers-get-55.html


  • Published: Thu Jul 16 13:35:19 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us