• 2 min read
UK says jail terms hit Scattered Spider hard
Two hackers behind the 2024 TfL breach were jailed for 5 years and 6 months, in a case UK police say severely disrupted Scattered Spider.

Image: TechCrunch
British authorities say the imprisonment of Owen Flowers, 18, and Thalha Jubair, 20, has “severely” disrupted the cybercrime group Scattered Spider, one of the most prominent hacking threats tied to recent attacks on major companies.
The two pleaded guilty earlier this year to hacking Transport for London (TfL) in 2024 and were sentenced on Thursday to five years and six months in prison. According to U.K. police, the case marks a significant blow against a loose, fast-moving criminal group that has been linked to high-profile incidents involving MGM, WestJet, and Okta.
Scattered Spider and groups such as ShinyHunters have become known for targeting people rather than systems, using social engineering to manipulate employees and gain access. That approach has proved both effective and difficult to defend against, even for large organizations.
“Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice.”
The summer 2024 attack on TfL knocked critical infrastructure offline, including the ticketing system and the online real-time train arrival information system. The disruption lasted for weeks. Flowers and Jubair were arrested a year later.
At the time, the FBI accused Jubair of involvement in attacks on more than 120 companies using social engineering tactics. Authorities said the TfL breach caused losses of about £29 million — around $47 million. According to The Guardian, the pair had such deep access to TfL systems that they “could have shut out and shut down TfL completely” and held “the keys to the kingdom.”

Recommended reading
Gemini CLI helped run an 8-device botnet
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via TechCrunch


