Two Scattered Spider hackers sentenced to five years in UK after Transport for London attack

2 hours ago 24

Two members of the notorious Scattered Spider hacking collective just earned themselves five-and-a-half years each in a UK prison. Thalha Jubair and Owen Flowers were sentenced on July 16 after pleading guilty in June to charges stemming from a major cyberattack on Transport for London, the agency that keeps one of the world’s largest cities moving.

What happened at Transport for London

The attack unfolded over four days, from August 31 to September 3, 2024. Jubair and Flowers gained high-level unauthorized access to TfL’s internal systems, triggering disruptions that affected Oyster cards and contactless payment systems.

The breach exposed personal data belonging to roughly 7 million users. The financial toll was staggering. TfL estimated the attack caused £39 million in direct damages and lost revenue. The transit authority was forced to isolate systems and implement emergency security measures just to stop the bleeding.

Court records revealed the pair livestreamed portions of their attack via Telegram.

The Scattered Spider playbook

Scattered Spider, also tracked under names like UNC3944 and 0ktapus, has built a reputation as one of the more audacious cybercrime collectives operating today. The group’s signature move isn’t some exotic zero-day exploit. It’s social engineering, the art of manipulating humans rather than code.

Their toolkit leans heavily on vishing (voice phishing, where attackers call targets and impersonate IT support or other trusted figures) and SIM swapping. SIM swapping is particularly relevant to the crypto world. In English: an attacker convinces a mobile carrier to transfer a victim’s phone number to a new SIM card, which then lets them intercept two-factor authentication codes and drain crypto wallets.

The UK’s National Crime Agency characterized Scattered Spider members as being primarily driven by bravado rather than monetary motives. That said, the financial damage is very real. The group has been linked to an estimated $8 million in cryptocurrency stolen through SIM swap operations in the US alone. Court records also indicated that both Jubair and Flowers had prior hacking records and had previously engaged in activities that generated substantial crypto assets.

Both defendants were noted in court documents as having been diagnosed with autism, a detail that has surfaced in multiple Scattered Spider-related cases.

A growing wave of enforcement

The sentencing of Jubair and Flowers is part of a broader, coordinated push by law enforcement agencies on both sides of the Atlantic to dismantle Scattered Spider’s network. Other members of the group have faced prior convictions and charges, reflecting ongoing international collaboration. The NCA has been working alongside US federal agencies, which have pursued their own cases against Scattered Spider affiliates involved in crypto theft and corporate espionage.

What this means for crypto investors

SIM swapping remains one of the most effective attack vectors against individual crypto holders. The $8 million in crypto stolen by Scattered Spider members through SIM swaps in the US is a known figure.

The £39 million price tag from the TfL breach demonstrates the true cost of inadequate security at organizations that manage sensitive user data. Social engineering doesn’t require breaking encryption or finding software vulnerabilities. It requires finding one employee willing to answer a convincing phone call.

The practical takeaway for individual investors is straightforward: ditch SMS-based authentication immediately, use hardware security keys or authenticator apps, and assume that your mobile carrier is not equipped to protect you from a determined social engineer.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

Read Entire Article