🕐 --:--
-- --
عاجل
⚡ عاجل: كريستيانو رونالدو يُتوّج كأفضل لاعب كرة قدم في العالم ⚡ أخبار عاجلة تتابعونها لحظة بلحظة على خبر ⚡ تابعوا آخر المستجدات والأحداث من حول العالم
⌘K
AI مباشر | -- مشاهد مباشر
996,279 مقال 401 مصدر نشط 228 قناة مباشرة 4,305 خبر اليوم
آخر تحديث: منذ 5 ثواني

Teen hackers targeted celebrities when they crippled Transport for London network in £39m cyber attack

تكنولوجيا
Daily Mail
2026/07/15 - 12:42 502 مشاهدة
تحليل ذكي | AI Editorial Analysis

By ROBERT FOLKER, NEWS REPORTER Published: 13:42, 15 July 2026 | Updated: 13:50, 15 July 2026 Two teenage hackers targeted UK celebrities in a £39m cyberattack that paralysed London's transport networ...

Thalha Jubair, 19, and Owen Flowers, 18, hacked into the Transport for London servers between August 29 and September 3, 2024, causing chaos for Oyster card users.

Their scheme targeted key features of the TfL Go app and the TfL website, essentially locking users out of making payments onto their Oyster cards.

هذا الخبر من Daily Mail. خبر يقدم أدوات ذكاء اصطناعي للتلخيص والترجمة والاستماع.

By ROBERT FOLKER, NEWS REPORTER Published: 13:42, 15 July 2026 | Updated: 13:50, 15 July 2026 Two teenage hackers targeted UK celebrities in a £39m cyberattack that paralysed London's transport network. Thalha Jubair, 19, and Owen Flowers, 18, hacked into the Transport for London servers between August 29 and September 3, 2024, causing chaos for Oyster card users. Their scheme targeted key features of the TfL Go app and the TfL website, essentially locking users out of making payments onto their Oyster cards. It also meant customers could not see live Tube arrival information or their journey history on either of these sites. The attacks are believed to have cost TfL tens of millions and caused disruptions to millions of travellers. Prosecutor Mark Fenhalls, KC, described the TfL hack as an 'unprecedented attack on critical national infrastructure'. He told the court that the hackers 'searched for and browsed various famous celebrities' during the attack and 'viewed their details stored within the system'. However, they were unable to fully access credit card details. The prosecutor did not name the celebrities the hackers targeted. Thalha Jubair, pictured, was part of a hacking group called Scattered Spider and, along with Owen Flowers, has admitted a £39m cyberattack that paralysed the TfL network Pictured: Flowers. Alongside Jubair, they managed to cause chaos for Oyster card users across the capital Both hackers are members of the shadowy online criminal collective known as Scattered Spider.  Jubair, of Bow, east London, and Flowers admitted conspiracy to commit unauthorised acts in relation to a computer, causing or creating a significant risk of serious damage to human welfare, which carries a maximum of 14 years in jail. Flowers, who lived with his grandmother in Walsall, also admitted hacking two US healthcare companies, SSM Health Care Corporation and Sutter Health.   Mr Fenhalls said: 'The TfL attack was remarkably sophisticated and on a grand scale. 'The consequences of what they did were extremely serious: both in the disruption to the services offered to the public; and the remedial work that occupied thousands of hours of work by many, many people, and ultimately cost the public purse £29m.' The hackers used remote servers to hide their identities, created virtual machines within TfL's network to destroy evidence of their intrusion, and set up multiple secure 'backdoors' or tunnels to maintain direct access to the transport authority's core systems. They also used 'social engineering' to bypass security - tricking the TfL service desk into resetting authentication credentials. The hackers cloned the domain controller - the system's gatekeeper- allowing them to harvest user passwords and sensitive data without triggering alarms. Flowers and Jubair worked together continuously for a 16-hour stretch during the hack. The damage to TfL's infrastructure required six months of intensive remedial work to resolve.   TfL feared the effect of the hack could be catastrophic, and they 'pulled the plug' on their whole system. Mr Fenhalls said: 'It is possible that access could have been sufficient to enable the actor to cause catastrophic damage to many technology systems, which would have led to significant and extended transport service degradation and disruption. 'Such widespread disruption would have had a serious impact on the travelling public (including for those accessing education, healthcare and other essential services) and London's economy.' The court heard that 148 technology systems became inoperable during the hack. The pair could have installed software which would wipe out TfL's computer system unless a ransom was paid. 'You can only imagine the amount of senior management time and disaster management time that went into dealing with the problem,' Mr Fenhalls said. 'The fact of closing down the system and causing 27,000 people to restore passwords in person was extremely significant'. The cyberattack, which was launched by members of the Scattered Spider group, gained access to TfL's computer systems, disrupted online services and took customers' personal data Flowers was arrested at his home in Walsall just after 6pm on September 6, 2024. Investigators found him in his bedroom, actively connected to and hacking the networks of two US healthcare providers - SSM Health and Sutter Health on his laptop. During the attack on SSM, the teenager sent a message to an associate which said: 'Smmhealth we might be able to extort with db but locking is risky might kill some 90yr old on life support'.  The National Crime Agency recovered videos on Flowers computer he had recorded of a livestream broadcast by Jubair as they hacked TfL.    The recordings also captured real-time communications between the two on the encrypted messaging app Telegram, where they co-ordinated their roles. Forensic analysis further linked Jubair to a 2022 credential leak. Investigators discovered that credentials belonging to a TfL employee, which were stolen via 'RedLine Stealer' malware in 2022, were among those used to facilitate the 2024 breach. Mr Fenhalls said during the hack, the users gained access to the 'Oyster Professional User System (OPUS)' Jubair posted 'OMG', 'FINALLY', 'HOLY', 'F*****G', 'S**T', as they gained access to TfL customer accounts. Mr Fenhalls added: 'The potential consequential loss of £56bn to the UK economy had they encrypted or destroyed 'OneLondon' - a central TfL system to which they did gain administrative rights.' The court heard that the hackers had got the 'Keys to the Kingdom' and used the credentials of TfL's Chief Information Security officer. At one stage during the attack, Jubair bragged on a forum for hackers stating, 'SCATTERED SPIDER IS CREATING WEBS ON THE UNDERGRUND (sic)', to which FLOWERS responds 'LOL [laugh out loud]...this was me'. Mr Fenhalls said that much of what is known of the attack was because the pair filmed themselves in the hack efforts and the videos were recovered. The videos 'provide much of the insight into how the two men (and others) worked together and conducted the hack on TfL,' Mr Fenhalls said. Paul Keleher, KC, for Jubair, said his client was 'like a 21st century Oliver Twist'. 'The Artful Dodger recruited young people to use their nimble fingers to steal from people and he took the proceeds. Mr Keleher continued: 'If you can find a child like Jubair you can use his nimble skills for hacking for profit.' He said Jubair had 'graduated' and become the Artful Dodger himself, recruiting young hackers. Mr Keleher said his client has a diagnosis of Autism Spectrum Disorder and was able to 'hide behind online personalities'. He said Jubair got his first smartphone at the age of four, by the age of 6 or 7 got his first laptop, and by 9 or 10 was writing 'scripts', ie computer programs, By 13, he was introduced online to hacking by older hackers 'who recognised his potential'.   He said Jubair has a 'loving family' but from a very early age was isolated and bullied at school because of his condition, and that 'led to his isolated life online, seeking validation using his technological skills'. 'These people he associated with online he perceived to be his friends because he hasn't got any others.' Mr Keleher said there were two suicide attempts including a failed attempt to hang himself in Epping Forest and another in which he planned to fly to Japan to kill himself.  The pair were remanded in custody ahead of sentence tomorrow. Jubair and Flowers both have histories of cyber-related activity. Court sketches of Flowers, left, and Jubair, right. Their scheme targeted key features of the TfL Go app and the TfL website Flowers was 16 when he was visited at home by the Cyber Choices preventive policing team in October 2023. Officers served him a cease-and-desist notice regarding his involvement in a US-based 'swatting' hoax-where false emergency calls are made to draw an armed police response.  Flowers declined to engage with the diversion program at the time. He held $7.1m, including crypto, in accounts he controlled, despite having no source of income. Jubair has convictions involving 22 offences, 13 counts of fraud, two of unauthorised access to a computer, one count of obtaining access to a computer and one count of blackmail. He was subject to a youth rehabilitation order at the time of the TfL offences, which came from his hacking of BT and EE, as well as computer chip company Nvidia, for which he was convicted at 17. Jubair also had a Bangladeshi passport, which he had not declared to the police and which they found hidden down the back of the sofa. He was arrested for a cyber attack on Europol and Latitude financial services on July 16, 2025. Jubair is also wanted for seven counts of fraud in the US, carrying a maximum of 95 years in jail. During a hearing at Westminster Magistrates' Court last September, prosecutor Alistair Richardson said when he was released from custody in March 2025, '$10m was moved from his wallets, and $200m worth of crypto was moved through accounts belonging to Mr Jubair.' Jubair is also said to have targeted members of the US judiciary with threats of blackmail. Both defendants have been diagnosed with autism, and Jubair also suffers from depression and a severe mood disorder. Jubair stood trial with Arion Kurtaj, 20, in 2023 as members of the so-called Lapsus$ group. Cyber 'genius' Kurtaj hacked the gaming firm behind Grand Theft Auto, causing millions of pounds worth of damage, and was detained in a psychiatric hospital indefinitely. Kurtaj, then 18, stole code and video footage from Rockstar's development of their latest instalment of GTA6 as part of the multi-million-pound blackmail campaign. Kurtaj also blackmailed telecoms firm BT/EE, demanding a $4 million ransom. Along with Jubair, they hacked computer chip maker NVIDIA, Uber and the online bank Revolut, between July 2021 and February 2022. Jubair, who has ASD (autism spectrum disorder) and was only 14 when the offences began, was sentenced to a youth rehabilitation order for 18 months with three months supervision in December 2023. He had been convicted by the jury of carrying out an unauthorised act relating to hacking, fraud and blackmail in relation to Nvidia. Jubair was also convicted of stalking two young women at a youth court and hacking into a City of London Police server. He is wanted in the US for charges which attract a maximum 95-year prison sentence. Jubair is charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. The charges filed in New Jersey last September claim he took part in relation to at least 120 attacks on computer networks and extortion involving 47 U.S. companies and organisations between May 2022 and September 2025. The Justice Department alleges victims paid at least $115million (£87million) in ransom payments. Jubair is said to have used aliases including 'EarthtoStar,' 'Brad,' 'Austin,' and '@autistic,'. In the US, he is alleged to have conspired with others to use social engineering techniques to gain unauthorised access into the computer networks of US companies, steal and encrypt information. He is accused of demanding ransom payments from victims in exchange for regaining control and preventing the dissemination of the exfiltrated data. Jubair is also charged with conspiring with others to launder the funds obtained through this scheme. In October 2024 and January 2025, Jubair allegedly participated in a scheme to gain unauthorised access to the networks of a US-based critical infrastructure company and the US Courts. Portions of the ransom payments from at least five victims were sent to wallets on a server controlled by Jubair. In July 2024, while law enforcement was seizing that server - including successfully seizing cryptocurrency worth approximately $36 million at the time of the seizure - Jubair transferred a portion of cryptocurrency that originated from one of the victims, worth approximately $8.4 million at the time, to another wallet.      
المصدر: Daily Mail | Source: Daily Mail

ملاحظة تحريرية | Editorial Note: نُشر هذا المقال في الأصل بواسطة Daily Mail. خبر (Khabr) هي منصة إعلامية أردنية مرخّصة تعمل بالذكاء الاصطناعي. نضيف قيمة تحريرية من خلال: تحليل ذكي للأخبار، ملخصات تلقائية، رواية صوتية بالذكاء الاصطناعي، ترجمة متعددة اللغات، وتدقيق الحقائق. هدفنا جعل الأخبار أكثر وضوحاً وسهولةً للقارئ العربي.

This article was originally published by Daily Mail. Khabr is a licensed Jordanian AI-powered news platform (Registration #82086). We add editorial value through: AI-powered news analysis, automated summaries, AI audio narration, multi-language translation (Arabic, English, French, Turkish), and AI fact-checking. Our mission is to make news more accessible and understandable for Arabic-speaking audiences worldwide.

مشاركة:

المزيد عن تكنولوجيا | More on Technology

هذا الخبر ضمن تغطية خبر لقسم تكنولوجيا. نقدّم لك تحليلات ذكية وملخصات يومية لأهم الأخبار من مصادر موثوقة متعددة. المصدر: Daily Mail. يوجد 6 مقالات مرتبطة بهذا الموضوع.

This article is part of Khabr's coverage of Technology. We provide AI-powered analysis, summaries, and multi-source aggregation to keep you informed. Source: Daily Mail. Tags: cyber attack, hackers, Transport for London.

مقالات ذات صلة

AI
يا هلا! اسألني أي شي 🎤
🔍
FREE Free 1GB Internet + Free International Calls

$1 trial — eSIM in 190+ countries — No roaming charges

Download Free