Bỏ qua đến nội dung chính
Back to home
Tech AI 2 min read

Two young hackers jailed for cyberattack on London transit system

Two British teenagers have been sentenced to over five years in prison for a major cyberattack on Transport for London, causing £29 million in losses.

Tier 1 · sources 82% confidence Auto-priority
Sources techcrunch.com

UK police announced on July 16, 2026, that the jailing of two teenage hackers has severely disrupted the operations of the infamous cybercrime group Scattered Spider. Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty to hacking Transport for London (TfL) and were sentenced to five years and six months in prison. This case serves as a warning about the massive threat posed by very young hackers motivated by financial gain and notoriety.

Detailed Developments

According to investigation reports, the two hackers carried out the cyberattack on TfL, the agency managing London's public transit, in the summer of 2024. The attack took TfL's infrastructure offline for weeks, disrupting online ticketing and real-time train arrival information systems. Flowers and Jubair were arrested a year later in 2025. The US FBI had previously accused Jubair of involvement in social engineering attacks targeting more than 120 different companies.

Technical & Technology Analysis

Cybercriminal collectives like Scattered Spider and ShinyHunters often employ social engineering tactics targeting employees rather than exploiting complex software vulnerabilities. According to investigators, the two hackers gained such deep access to TfL's systems that they held the administrative keys to the kingdom and could have shut down London's transit system entirely. The attack resulted in estimated losses of approximately £29 million (around $47 million).

Expert Opinions & Insights

According to Paul Foster, head of the UK National Crime Agency's National Cyber Crime Unit, Scattered Spider has been the most significant cybercrime threat to the UK in recent years. He noted that through this investigation, authorities have severely disrupted that threat and brought key offenders to justice. Security experts also point out that while group members often rotate or rebrand, this sentencing represents a significant blow to the collective's operations.

Impact & Future

Scattered Spider was previously linked to several high-profile cyberattacks against major corporations including casino giant MGM, WestJet airline, and identity management firm Okta. The sentencing in London highlights a shifting global cyber threat landscape, where extremely young but technically capable hackers pose significant risks to critical infrastructure. This demands that public and private organizations strengthen internal security protocols and strictly train employees on security awareness.