Two men plead guilty over £39m Transport for London cyber attack

Two individuals have admitted guilt in connection with a significant cyberattack that disrupted Transport for London (TfL) operations for several months and resulted in losses amounting to £39 million. On what was originally scheduled to be the first day of a six-week trial at Woolwich Crown Court, Thalha Jubair, 20, from east London, and Owen Flowers, 18, from Walsall in the West Midlands, changed their pleas to guilty.

The pair accepted charges related to conspiring to commit unauthorized acts against TfL under the Computer Misuse Act. TfL reported that the cyberattack began on 31 August 2024 and caused service interruptions lasting three months, with an estimated impact on around 10 million customers. Both defendants stated they accessed the systems recklessly, without intending to cause harm.

In addition to the offences involving TfL, Flowers also pleaded guilty to attempting to hack into computer networks belonging to California-based Sutter Health and SSM Healthcare Corporation. The cyber breach affected TfL’s online services, including the offline status of several information boards used by customers. The incident also compromised personal data through unauthorized access to the Oyster refund system, affecting refund processing times and halting applications for Oyster photocards for children and young people. TfL notified thousands of customers about the breach to their data.

Investigations carried out by the National Crime Agency (NCA) identified the attack as part of a broader intrusion carried out by the online criminal group known as Scattered Spider. Police arrested Jubair and Flowers at their residences on 16 September 2024 in a joint effort between the NCA and City of London Police. During the search of Flowers’ home, law enforcement seized multiple electronic devices including laptops and USB drives. One of the laptops contained evidence, such as a screenshot displaying connection to TfL’s infrastructure and videos depicting Jubair accessing TfL systems in the course of the attack. Communications between the two were traced to the messaging platform Telegram and an online collaborative tool. Prosecutors also revealed that Flowers accessed a service that sold stolen credentials.

Expressing appreciation for the efforts made, Judge Mr Justice Turner praised the diligent work of everyone involved that helped reach this resolution. Paul Foster, Deputy Director of the NCA, called the investigation “lengthy, highly complex and painstaking,” emphasizing the tangible effects of cybercrime on society. He stated, “The infiltration of TfL’s systems shows it has real-world consequences and impacts hugely on the public.” Foster further highlighted the financial and operational damage caused, noting the cyberattack “caused millions of pounds in losses to a key part of the UK’s critical national infrastructure, and was a significant inconvenience for customers.”

The sentencing hearing for Jubair and Flowers is scheduled for 15 July. London’s Transport Commissioner, Andy Lord, welcomed their guilty pleas and reaffirmed the organisation’s commitment to safeguarding its systems and customer information, saying, “The security of our systems and customer data is extremely important to us, and we continually monitor our systems to ensure only those authorised can gain access and continue to take the necessary actions to protect TfL.

Read the full article from The BBC here: Read More