
Two young hackers have been sentenced to prison after being convicted for carrying out a damaging cyberattack on Transport for London (TfL), which they notoriously live-streamed as the attack unfolded. Owen Flowers and Thalha Jubair were found guilty of their roles in the attack, which inflicted large financial and operational costs on the organisation responsible for running London's buses, Tube and other public transport services.
The cyberattack on TfL caused significant disruption to the organisation's systems and resulted in substantial costs in remediation, security upgrades and operational disruption. The attackers gained unauthorised access to TfL's internal networks and, in an act of bravado that ultimately helped authorities identify them, streamed portions of the attack live online.
TfL, which handles millions of passenger journeys across London every day, was forced to take emergency measures to contain the breach and protect customer data. The incident was one of the most high-profile cyberattacks on UK public infrastructure in recent years.
Flowers and Jubair, who were teenagers at the time of the attack, were identified and arrested following the investigation. Prosecutors presented evidence including the live-stream footage, digital forensics and communications between the pair as they planned and executed the attack.
The court heard that the attack was sophisticated for perpetrators of their age, involving social engineering techniques to gain initial access to TfL systems before escalating privileges within the network. The decision to live-stream the attack showed a startling disregard for the legal consequences of their actions.
Law enforcement officials said the sentences sent a clear message that cyberattacks on critical infrastructure would be pursued and punished severely, regardless of the age of the perpetrators. The case has been used by police and cybersecurity experts to highlight the dangers of young people becoming involved in criminal hacking activities, often beginning in online gaming and hacker communities before escalating to more serious offences.
TfL said it had invested substantially in improving its cybersecurity posture following the incident and had worked closely with the National Cyber Security Centre (NCSC) to strengthen its defences.
We use cookies to improve your experience. Privacy Policy