Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Two hackers, Owen Flowers and Thalha Jubair, were sentenced to 5.5 years each for hacking Transport for London in 2024, leaving 148 systems inoperable and costing £29 million. They were part of the Scattered Spider extortion crew.
Intelligence analysis by Llama

Two hackers, Owen Flowers and Thalha Jubair, were sentenced to 5.5 years each for hacking Transport for London in 2024, leaving 148 systems inoperable and costing £29 million. They were part of the Scattered Spider extortion crew. The NCA says its action against the two men effectively halted the group, and cites Microsoft's assessment that the arrests materially degraded the group's …
Two hackers, Owen Flowers and Thalha Jubair, were caught and sentenced to 5.5 years each for hacking Transport for London in 2024. They were part of a group called Scattered Spider that tried to steal money and information from people. The police were able to stop them and make them pay for what they did.
Analysis
A £29 Million TfL Hack: The Scattered Spider Story
The sentencing of Owen Flowers and Thalha Jubair to 5.5 years each for hacking Transport for London in 2024 is a significant blow to the Scattered Spider extortion crew. The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority's employees into an office to get their passwords reset in person. The NCA says its action against the two men effectively halted the group, and cites Microsoft's assessment that the arrests materially degraded the group's ability to operate.
The case highlights the severity of cybercrime and the importance of taking action against hackers. The two hackers were part of the Scattered Spider extortion crew, which was tracked as Octo Tempest, UNC3944, and 0ktapus. The FBI ties the group to data extortion, SIM swapping, and social engineering. Jubair's other case is still open, with a complaint unsealed in New Jersey accusing him of computer fraud, wire fraud, and money laundering conspiracies.
The NCA's action against the two men is a significant step in the fight against cybercrime. Paul Foster, who heads the NCA's National Cyber Crime Unit, wants one thing from everyone else: call law enforcement early. He says these convictions probably would not have happened if TfL had not. The City of London Police used the sentencing to lobby for a power it does not have.
The case also highlights the importance of verifying identity on password resets, device enrollment, and MFA changes. Google's hardening guidance from the same research puts the fix in one place: verify identity on password resets, device enrollment, and MFA changes, the manual workflows these crews call in and talk their way through.
Key points
- Two hackers, Owen Flowers and Thalha Jubair, were sentenced to 5.5 years each for hacking Transport for London in 2024.
- The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority's employees into an office to get their passwords reset in person.
- The NCA says its action against the two men effectively halted the group, and cites Microsoft's assessment that the arrests materially degraded the group's ability to operate.
- The case highlights the severity of cybercrime and the importance of taking action against hackers.
- The two hackers were part of the Scattered Spider extortion crew, which was tracked as Octo Tempest, UNC3944, and 0ktapus.
The sentencing of the two hackers is a significant blow to the Scattered Spider extortion crew, and it serves as a warning to others who engage in similar activities. The NCA's action against the two men effectively halted the group, and it is likely that the group will not be able to operate in the same way again.
The case highlights the severity of cybercrime and the importance of taking action against hackers. However, it is also a reminder that cybercrime is a persistent threat, and that there is always a risk of new groups emerging to take the place of those that are caught.


