Two young men who pleaded guilty to the cyber-attack that crippled Transport for London (TfL) in 2024 had long histories of cyber-offending and were known to law enforcement years before the breach, the BBC has learned.
Owen Flowers, 18, from Walsall, and Thalha Jubair, 20, from east London, admitted on Monday to their roles in the attack, which disrupted TfL services for months, compromised the personal data of millions of people and forced all 28,000 employees to reset their passwords in person. The pair were members of Scattered Spider, a loosely organised cyber-crime collective linked to attacks on retailers including Marks and Spencer and the Co-op.
“Two teenagers who crippled TfL in a cyber-attack were known to police for years, raising questions about youth crime interventions.”
Flowers first came to police attention shortly after he turned 16. In October 2023, officers from the West Midlands Regional Cyber Crime Unit visited him after he was caught carrying out low-level cyber-crime. During the visit, Flowers did not engage with officers and was given a cease and desist order. Police considered enrolling him in the national Cyber Choices programme, which steers young people away from crime, but he was deemed unsuitable because he was already under investigation and reluctant to cooperate.
Just months later, living with his grandmother, Flowers went on to commit a series of increasingly serious offences with Scattered Spider, culminating in the TfL attack. He was arrested in September 2024 in connection with the breach.
The case has raised questions about the effectiveness of early interventions with young cyber-criminals. Paul Foster, deputy director of the National Crime Agency’s National Cyber Crime Unit, said the case highlighted the challenge posed by a small number of highly capable offenders. He called for stronger legal powers, such as the proposed Cyber Crime Risk Orders (CCROs), which would allow police and courts to place restrictions on high-risk individuals before they commit further serious breaches. “They would enable earlier law enforcement interventions against high-risk cyber-crime offenders,” Foster said.