Advertisement
UK

Teen hackers who crippled TfL had long history of offending, BBC learns

Teens who crippled TfL were known to police years before attack, raising questions over interventions.

UK

Teen hackers who crippled TfL had long history of offending, BBC learns

Police had been watching Owen Flowers since he was 16, visiting him with a cease and desist order in October 2023 after catching him in low-level cyber-crime. But the teenager, from Walsall, simply refused to engage. Months later, he joined a sprawling network of young English-speaking hackers and helped bring Transport for London to its knees.

Flowers, now 18, and his accomplice Thalha Jubair, 20, from east London, pleaded guilty on Monday to carrying out the 2024 cyber-attack on TfL. The breach disrupted services for months, exposed the personal data of millions of passengers, and forced all 28,000 TfL employees to reset their passwords in person.

Teens who crippled TfL were known to police years before attack, raising questions over interventions.

Both were members of Scattered Spider, a loosely organised cyber-crime collective linked to attacks on retailers including Marks and Spencer and the Co-op. But the BBC has learned that Flowers’ path to the TfL hack was marked by missed intervention points.

Advertisement

When West Midlands Regional Cyber Crime Unit officers visited him in October 2023, they could have referred him to the national Cyber Choices programme, which steers young people away from offending. But because Flowers was already under investigation and reluctant to cooperate, police deemed him unsuitable. Just months later, living with his grandmother, he escalated to a series of increasingly serious offences with Scattered Spider, culminating in the TfL attack.

The case has prompted questions about the effectiveness of early interventions. Experts told the BBC that perpetrators often do not grasp the real-world consequences of their actions. National Crime Agency deputy director Paul Foster, head of its National Cyber Crime Unit, said the case “highlights the challenges posed by a small number of highly capable offenders” and called for stronger legal powers.

Foster pointed to proposed Cyber Crime Risk Orders (CCROs), designed to let police and courts place restrictions on high-risk individuals before they commit further serious breaches. Announced by the UK government as part of planned reforms to the Computer Misuse Act, CCROs would “enable earlier law enforcement interventions against high-risk cyber-crime offenders,” Foster said.

Advertisement

Flowers was eventually arrested in September 2024 in connection with the TfL attack. He and Jubair pleaded guilty on the first day of their trial. The full scale of the disruption and cost to TfL is still emerging.

Advertisement
Advertisement