Up Headlines

Startup News

UK Jails Two Hackers in Major Blow to Scattered Spider

3 min read
UK Jails Two Hackers in Major Blow to Scattered Spider

British authorities say the prison sentences handed to two young hackers have dealt a major setback to the notorious cybercrime group known as Scattered Spider, one of the most active hacking collectives in recent years.

On Thursday, U.K. police announced that the convictions of Owen Flowers, 18, and Thalha Jubair, 20, have “severely” disrupted the group’s operations. Earlier this year, both admitted their roles in the 2024 cyberattack on Transport for London (TfL), the government agency responsible for managing public transportation across the U.K. capital.

The pair were sentenced to five years and six months in prison for their involvement in the high-profile attack.

Young Hackers Behind a Major Cyber Threat

The case highlights a growing reality in cybersecurity: some of the world’s most disruptive hackers are not backed by governments or large organizations. Instead, they are often young individuals driven by financial rewards, online reputation, and recognition within cybercriminal communities.

Security experts have long warned that groups like Scattered Spider rely heavily on social engineering rather than advanced technical exploits. Instead of attacking computer systems directly, they manipulate employees and individuals into providing access, making these attacks especially difficult for organizations to defend against.

Another well-known cybercrime group, ShinyHunters, has also used similar tactics, focusing on people rather than technology to gain unauthorized access to corporate networks.

Authorities Call It a Significant Victory

Although cybercriminal groups frequently change members and sometimes even operate under different names, British investigators believe these arrests have significantly weakened Scattered Spider’s ability to carry out future attacks.

The hacking collective has been connected to several major cyber incidents affecting high-profile organizations around the world. Previous victims include casino giant MGM, airline WestJet, and cybersecurity company Okta. In several cases, the attackers were able to gain access to customer information after breaching company systems.

Commenting on the convictions, Paul Foster, head of the U.K. National Crime Agency’s National Cyber Crime Unit, described the outcome as a major achievement for law enforcement.

“Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice,” Foster said.

The TfL Cyberattack Caused Weeks of Disruption

The attack on Transport for London took place during the summer of 2024 and had a widespread impact on the city’s transportation infrastructure.

Hackers disrupted several essential services, including TfL’s ticketing systems and its online real-time train arrival information platform. The outage affected commuters across London, with system disruptions continuing for several weeks before services were fully restored.

Investigators later discovered that the attackers had gained exceptionally deep access to the organization’s internal systems.

FBI Linked One Hacker to Over 120 Attacks

Flowers and Jubair were arrested roughly a year after the TfL breach.

At the time of the arrests, the FBI alleged that Jubair had participated in cyberattacks targeting more than 120 companies through social engineering techniques. These attacks allegedly relied on deceiving employees into providing credentials or system access rather than exploiting software vulnerabilities.

The investigation reinforced concerns among cybersecurity professionals that human error remains one of the biggest security risks for organizations worldwide.

Millions in Financial Damage

According to authorities, the cyberattack against TfL resulted in financial losses of approximately £29 million, equivalent to around $47 million.

Reports also revealed just how much control the hackers had gained over the transport agency’s systems. According to The Guardian, investigators said the pair possessed such extensive access that they could have completely shut down TfL’s operations. Officials reportedly described the hackers as having “the keys to the kingdom,” reflecting the level of control they had inside the organization’s network.

While cybercrime groups often evolve and reorganize after arrests, British authorities believe the imprisonment of Flowers and Jubair marks an important step in weakening one of the world’s most notorious hacking operations. The case also serves as another reminder that organizations must strengthen employee awareness and social engineering defenses, as cybercriminals increasingly target people instead of technology.

Also read : India Unveils Billion-Dollar Plan to Boost Smartphone Manufacturing

Copyright © Up Headlines. All rights reserved. | Supported by eOffice4U.