‘Keys to the kingdom’: hackers who gained access to heart of London transport network jailed

← Back to the feed

‘Keys to the kingdom’: hackers who gained access to heart of London transport network jailed

The Guardian · 5 hours ago

Two hackers, Thalha Jubair, 20, and Owen Flowers, 19, have each been jailed for five and a half years after a 2024 cyber-attack that gave them extensive access to Transport for London's IT systems, costing TfL an estimated £39m. The pair, described in court as having obtained "the keys to the kingdom", exploited a domain admin account to gain the highest level of privileged access, putting them in a position to shut down TfL's systems entirely before the operator pulled the plug to contain the breach. The case highlights the vulnerability of critical infrastructure to determined young hackers operating from ordinary homes, and TfL's chief, Andy Lord, called it the worst incident of his career.

The four-day attack, between 31 August and 3 September 2024, stole data belonging to millions of commuters, disrupted payment systems and forced 27,000 TfL staff to reset their passwords, though the main tube and bus networks kept running. Jubair, from Bow in east London, and Flowers, from Walsall, coordinated via Telegram and were part of the hacking collective Scattered Spider, having amassed millions of dollars in cryptocurrency. Flowers was also sentenced for hacking two US healthcare providers, and both men pleaded guilty in June ahead of Thursday's sentencing.

  • Two teenage hackers jailed 5.5 years each over TfL cyber-attack
  • 2024 breach cost TfL £39m and exposed millions of commuters' data
  • Pair linked to Scattered Spider hacking collective, made millions in crypto

Art Business Culture Cybersecurity Technology

Read the full article at the source →