Advertisement
UK

Teens who hacked TfL were known to police years before cyber-attack

Two teens convicted of TfL cyber-attack were known to police years earlier, raising questions about intervention effectiveness.

UK

Teens who hacked TfL were known to police years before cyber-attack

Two young men convicted over the cyber-attack that crippled Transport for London in 2024 had long histories of cyber-offending and were both known to law enforcement bodies, the BBC has learnt.

Owen Flowers, 18, from Walsall, and Thalha Jubair, 20, from east London, pleaded guilty on Monday to carrying out the attack. The breach disrupted TfL services for months, affected the personal data of millions of people and left all 28,000 TfL employees needing to reset their passwords in person.

Two teens convicted of TfL cyber-attack were known to police years earlier, raising questions about intervention effectiveness.

The BBC has discovered the authorities made frequent attempts to curb Flowers and Jubair's offending – raising questions over the effectiveness of such interventions with young cyber-criminals. Experts have told the BBC the case also indicates that perpetrators of cyber-attacks often do not appear to understand the real world consequences of their actions.

Advertisement

Flowers initially came to the attention of police shortly after he turned 16. In October 2023 he was caught carrying out low-level cyber-crime and visited by West Midlands Regional Cyber Crime Unit officers. Police say that during the visit Flowers did not engage with officers and was given a cease and desist order to deter him from further offending. Police had the option to invite him to enrol in the national Cyber Choices programme, which works to steer young people away from cyber-crime. However Flowers was already being investigated for an offence and was reluctant to engage with officers, so they deemed him not suitable.

Just months later, the teenager – who was living with his grandmother – went on to commit a series of increasingly serious cyber-offences with Scattered Spider, the loosely organised gang of young English-speaking cyber-criminals linked to attacks on Marks and Spencer and the Co-op. Their offences culminated in the TfL attack.

NCA deputy director Paul Foster, head of its National Cyber Crime Unit, said the case highlighted the challenges posed by a small number of highly capable offenders. He called for stronger legal powers – such as the proposed Cyber Crime Risk Orders (CCROs) – to deal with cases like this. CCROs, announced by the UK government as part of planned reforms to the Computer Misuse Act, are designed to let police and courts place restrictions on people considered high risk before they carry out further serious breaches. They would "enable earlier law enforcement interventions against high-risk cyber-crime offenders," Foster said.

Advertisement

Flowers was eventually arrested in September 2024 in connection with the TfL attack.

Advertisement
Advertisement