Two men have been sentenced to prison terms of five years and six months each for their involvement in a cyberattack on London’s transport network, according to the UK's National Crime Agency. The perpetrators, Thalha Jubair and Owen Flowers, carried out the attack between August 31 and September 3, 2024, during which they disrupted operations of Transport for London (TfL). Both were members of the known hacker group “Scattered Spider.” The attack caused damages estimated at around 34 million euros to TfL. However, preliminary assessments suggest that had the attackers succeeded in crippling the transportation system, the economic impact could have reached approximately 66 billion euros for the British economy. During the incident, TfL faced significant operational disruptions. In the aftermath, all 27,000 TfL employees were required to reset their passwords in person at offices, and 148 systems went offline. Some of these systems needed manual intervention to restore functionality, highlighting the scale of the disruption. Jubair and Flowers pleaded guilty to the charges on June 22, prior to their trial at Woolwich Crown Court. This case marks the second prosecution under the UK’s Computer Misuse Act, underscoring the increasing focus on cybercrime enforcement. Owen Flowers was arrested on September 6, 2024, while attempting to breach the networks of U.S.-based healthcare providers SSM Health Care Corporation and Sutter Health. His confiscated laptop contained screenshots of TfL’s network infrastructure and videos documenting the cyberattack, including footage of Jubair accessing TfL systems. Paul Foster, deputy director of the national cybercrime unit, expressed confidence that the arrests significantly weakened the threat posed by Scattered Spider. He noted that the group has been one of the most dangerous cybercriminal entities targeting the UK over recent years. “Through these investigations, we have substantially reduced this threat and brought key offenders to justice,” he stated. The arrest of Flowers occurred just days after the cyberattack on TfL, raising questions about how the hackers managed to coordinate their activities across multiple targets. Investigators believe the group operated with a high degree of coordination, leveraging sophisticated techniques to infiltrate critical infrastructure. The confiscation of Flowers' laptop provided crucial evidence linking him directly to the attack on TfL. Authorities continue to monitor the situation, particularly regarding the potential long-term implications of the breach. While TfL has taken steps to secure its systems, the incident highlights vulnerabilities in critical infrastructure against advanced persistent threats. The sentencing of Jubair and Flowers represents a major milestone in the UK’s efforts to combat organized cybercrime, though experts warn that such groups remain a persistent challenge. The case also underscores the growing intersection between international cybercrime and domestic security concerns. With the suspects operating across borders, law enforcement agencies face complex challenges in tracking and prosecuting transnational cybercriminal networks. As the legal proceedings conclude, the focus will shift toward strengthening cybersecurity measures and preventing future attacks on essential services.
★
Gardons l’information honnête.
ObjectiveNews est financé par ses lecteurs et sans publicité : nous vous montrons le biais au lieu de le cacher. Soutenez un journalisme indépendant pour 5 €/mois.
Devenir soutien