
In a 𝓈𝒽𝓸𝒸𝓀𝒾𝓃𝑔 revelation, two teenagers reportedly posed a staggering £56 billion threat to the UK economy after hacking into Transport for London’s (TfL) computer systems. Thalha Jubair, 20, and Owen Flowers, 18, managed to infiltrate TfL’s networks, sparking fears of catastrophic consequences for the nation’s transport infrastructure.
The duo, linked to a hacking group known as Scattered Spider, gained access by deceiving helpdesk staff into resetting a password. Once inside, they navigated deeper into the system, ultimately achieving what prosecutors described as “the keys to the kingdom,” granting them unprecedented control over TfL’s operations.
During a hearing at Woolwich Crown Court, prosecutor Mark Fenhalls KC detailed the gravity of their actions. He warned that had they encrypted or compromised the central TfL system, the resulting chaos could have led to a potential loss of £56 billion to the UK economy. This disruption would have severely impacted public transport, affecting access to education, healthcare, and other essential services.
The hack took place over a tense four-day period from August 31 to September 3, 2024. Reports indicate that the pair worked tirelessly, with Flowers even livestreaming parts of the operation while Jubair executed the hack. Videos of their exploits were later discovered following Flowers’ arrest on September 6.

Throughout the attack, the two were in constant communication, reportedly discussing plans to “nuke access” to servers as they wrapped up their operation. Fenhalls described their actions as reckless, emphasizing that TfL had to intervene to halt the hack, rather than the teenagers choosing to stop on their own.
The pair employed advanced tactics, utilizing remote servers to mask their identities and creating virtual machines within the TfL system to erase traces of their activities. They reportedly downloaded millions of lines of data and established multiple backdoors for future access.

In court, Jubair’s defense attorney portrayed him as a victim of circumstance, likening him to a modern-day Oliver Twist who had been led astray. However, Justice Turner dismissed this analogy, asserting that Jubair acted as an instigator without any puppet master.
Flowers’ lawyer argued that he was merely an immature youth seeking online recognition. Yet, after his arrest, authorities found his laptop was in the midst of hacking two U.S. healthcare systems, suggesting a broader pattern of cyber misconduct. Although he is wanted in the U.S., extradition proceedings are reportedly not in motion.

After being remanded in September 2025, Flowers allegedly acquired two unauthorized phones while in prison, searching for sensitive logins related to various government entities. Meanwhile, Jubair, hailing from east London, was previously sentenced for multiple hacking offenses, including attacks on telecom companies and police systems.
Both teenagers have pleaded guilty to conspiracy charges linked to unauthorized computer acts. They are set to face sentencing tomorrow. What could this mean for the future of cybersecurity and youth involvement in hacking?


