Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

TfL Hackers Known to Police for Years Before Cyber-Attack

The two individuals convicted over the 2024 cyber-attack on Transport for London had a history of cyber-offending and were known to law enforcement agencies prior to the incident. This raises questions about the effectiveness of current interventions for young cyber-criminals.

  • Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty to the TfL cyber-attack.
  • Both individuals had prior histories of cyber-offending and were known to police.
  • Flowers received a cease and desist order months before the TfL attack, while Jubair had a Youth Rehabilitation Order for previous cyber-crimes.
  • The attack disrupted TfL services for months and affected millions of people's data.
  • The National Crime Agency (NCA) is advocating for stronger legal powers, such as Cyber Crime Risk Orders (CCROs), to intervene earlier with high-risk offenders.

TfL hackers Owen Flowers and Thalha Jubair had been under police scrutiny for years before they brought London's transport network to its knees in 2024. Their guilty pleas have raised concerns about the effectiveness of current interventions aimed at young people involved in cyber-crime.

Flowers, 18 from Walsall, and Jubair, 20 from east London, had both been known to authorities for their involvement in low-level cyber-offending. Flowers was first identified by police after engaging in cyber-crime in October 2023, aged just 16. Prevent officers from the West Midlands' Regional Cyber Crime Unit visited him, issuing a cease and desist order, but he declined to participate in the national Cyber Choices programme due to an ongoing investigation.

Undeterred, Flowers went on to join Scattered Spider, a loose collective of English-speaking cyber-criminals linked to numerous high-profile breaches. The group's attacks include those targeting major retailers like Marks and Spencer and the Co-op. Investigators later seized devices from Flowers, discovering millions of pounds in cryptocurrency. He has also pleaded guilty to offences related to hacking US healthcare organisations and is wanted in the US for his alleged involvement.

Jubair's cyber-offending history dates back to 2023 when he was handed a Youth Rehabilitation Order for Lapsus$-linked crimes that targeted prominent companies like Nvidia and BT/EE. The 20-year-old has accumulated 22 previous convictions, beginning at the age of 14. Like Flowers, he is also wanted in the US for alleged involvement in cyber-attacks.

The case highlights the challenge posed by a small group of highly skilled offenders, as noted by National Crime Agency (NCA) deputy director Paul Foster. He has called for stronger legal powers, specifically referencing Cyber Crime Risk Orders (CCROs), which would enable police and courts to restrict individuals deemed high-risk before they commit further serious breaches.

Experts suggest this case also underscores a potential disconnect between cyber-criminals' actions and their real-world consequences. The lengthy investigation into Flowers and Jubair's activities raises questions about the extent to which authorities can intervene effectively in preventing such crimes.

Why this matters: The repeated offending by these individuals, despite prior police contact, highlights potential gaps in the UK's ability to deter and rehabilitate young cyber-criminals, impacting public services and personal data security. It also underscores the evolving threat posed by sophisticated cyber-attacks.

What this means for you: What this means for you: The TfL cyber-attack directly affected millions of commuters through service disruption and compromised personal data. The ongoing debate about deterring young cyber-criminals and strengthening police powers could impact the security of your data and the reliability of essential public services.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.