East London Times (ELT)East London Times (ELT)East London Times (ELT)
  • Local News
    • Redbridge News
    • Hackney News
    • Newham News
    • Havering News
    • Tower Hamlets News
    • Waltham Forest News
    • Barking and Dagenham News
  • Crime News​
    • Havering Crime News
    • Barking and Dagenham Crime News
    • Tower Hamlets Crime News
    • Newham Crime News
    • Redbridge Crime News
    • Hackney Crime News
    • Waltham Forest Crime News
  • Police News
    • Barking and Dagenham Police News
    • Havering Police News
    • Hackney Police News​
    • Newham Police News
    • Redbridge Police News
    • Tower Hamlets Police News
    • Waltham Forest Police News
  • Fire News
    • Barking and Dagenham Fire News
    • Havering Fire News
    • Hackney Fire News​
    • Newham Fire News
    • Redbridge Fire News
    • Tower Hamlets Fire News
    • Waltham Forest Fire News
  • Sports News
    • West Ham United News
    • Tower Hamlets FC News
    • Newham FC News
    • Sporting Bengal United News
    • Barking FC News
    • Hackney Wick FC News
    • Dagenham & Redbridge News
    • Leyton Orient News
    • Clapton FC News
    • Havering Hockey Club News
East London Times (ELT)East London Times (ELT)
  • Local News
  • Crime News​
  • Police News
  • Fire News
  • Sports News
  • Local News
    • Redbridge News
    • Hackney News
    • Newham News
    • Havering News
    • Tower Hamlets News
    • Waltham Forest News
    • Barking and Dagenham News
  • Crime News​
    • Havering Crime News
    • Barking and Dagenham Crime News
    • Tower Hamlets Crime News
    • Newham Crime News
    • Redbridge Crime News
    • Hackney Crime News
    • Waltham Forest Crime News
  • Police News
    • Barking and Dagenham Police News
    • Havering Police News
    • Hackney Police News​
    • Newham Police News
    • Redbridge Police News
    • Tower Hamlets Police News
    • Waltham Forest Police News
  • Fire News
    • Barking and Dagenham Fire News
    • Havering Fire News
    • Hackney Fire News​
    • Newham Fire News
    • Redbridge Fire News
    • Tower Hamlets Fire News
    • Waltham Forest Fire News
  • Sports News
    • West Ham United News
    • Tower Hamlets FC News
    • Newham FC News
    • Sporting Bengal United News
    • Barking FC News
    • Hackney Wick FC News
    • Dagenham & Redbridge News
    • Leyton Orient News
    • Clapton FC News
    • Havering Hockey Club News
  • Privacy Policy
  • Cookies Policy
  • Report an Error
  • Sitemap
  • Code of Ethics
  • Help & Resources
East London Times (ELT) © 2026 - All Rights Reserved
East London Times (ELT) > Local East London News > Tower Hamlets News > TfL Cyberattack Hackers Plead Guilty: Tower Hamlets 2026
Tower Hamlets News

TfL Cyberattack Hackers Plead Guilty: Tower Hamlets 2026

News Desk
Last updated: July 8, 2026 12:25 pm
News Desk
20 minutes ago
Newsroom Staff -
@EastLondonTimes
Share
TfL Cyberattack Hackers Plead Guilty: Tower Hamlets 2026
Credit: Google Maps/londoncentric.media

Key Points

  • Guilty Pleas: Thalha Jubair, 20, of Tower Hamlets, and Owen Flowers, 18, of Walsall, unexpectedly changed their pleas to guilty at Woolwich Crown Court on the first day of what was scheduled to be a six-week trial.
  • Massive Financial Impact: The August to September 2024 cyberattack cost Transport for London (TfL) an estimated £39 million in systemic recovery, operational adjustments, and financial losses.
  • Public and Operational Chaos: The breach disrupted live Tube arrivals on the TfL Go app, halted applications for youth Oyster photocards, delayed customer refunds, and forced all 28,000 TfL employees to physically attend an office for emergency password resets.
  • International Extortion Links: Both defendants are identified as members of the notorious “Scattered Spider” hacking collective. Jubair faces additional unsealed US Department of Justice charges involving 120 intrusions across 47 US entities, allegedly accumulating over $115 million (£75 million) in ransoms.
  • Unmasking via Takeaway: Investigators traced Jubair to his family flat near Bow Road tube station after he used a cryptocurrency wallet—linked to servers holding extorted US ransom funds—to buy food delivery gift vouchers sent directly to his residence.
  • Extensive Wealth Seized: Despite having no legitimate income, Flowers was found with $7.1 million in accounts, while a previous hearing revealed that $200 million in cryptocurrency had moved through accounts belonging to Jubair.

Woolwich (East London Times) July 8, 2026 — Two British teenagers linked to the notorious international hacking collective Scattered Spider have pleaded guilty at Woolwich Crown Court to executing the devastating 2024 cyberattack against Transport for London, which inflicted £39 million in structural damage and caused widespread operational chaos for over 10 million passengers. Thalha Jubair, 20, from Bow, East London, and Owen Flowers, 18, from Walsall, West Midlands, admitted conspiring to commit unauthorised acts against TfL’s computer systems, causing a risk of serious damage to human welfare, just as their highly anticipated six-week criminal trial was set to commence.

Contents
  • Key Points
  • What Happened During the 2024 Transport for London Cyberattack?
  • How Were Passengers and Staff Affected by the Incident?
  • How Did a Takeaway Food Order Exposure Lead to Thalha Jubair’s Arrest?
  • What Evidence Did Investigators Discover Against the Defendants?
  • How Did the Conspirators Coordinate Their Attacks?
  • What International Extortion Campaigns are the Suspects Linked To?
  • What Other Entities Did Owen Flowers Target?
  • What Has Been the Official Response from Law Enforcement and TfL?
  • Background of the Particular Development
  • Prediction: How This Development Can Affect Critical Infrastructure and the Tech Sector
    • Impact on Corporate Legal Strategies and Risk Assessment
    • Implications for Law Enforcement and Judicial Precedent

What Happened During the 2024 Transport for London Cyberattack?

The digital assault, which occurred between 29 August and 6 September 2024, systematically crippled the critical national infrastructure managing London’s transit system.

As reported by Dan Milmo, Global Technology Editor of The Guardian, the breach brought massive disruption to the capital’s network, which handles up to five million passenger journeys daily on the Underground alone.

The attack completely disabled the transmission of live train arrival times to the TfL Go application and official website.

Furthermore, the transit authority found itself entirely unable to process digital payments via its contactless and Oyster card software, or register new cards to consumer accounts.

How Were Passengers and Staff Affected by the Incident?

The inner workings of the breach hit both customer facing systems and internal corporate structures. According to data published by Infosecurity Magazine, the cyberattack directly compromised TfL’s internal customer refund database, leaving thousands of commuters out of pocket or facing extensive settlement delays.

Crucially, the attack forced a complete shutdown of the application system for children and young people’s Oyster photocards, halting discounted travel processing for months.

Internally, the security compromise forced the transport authority into unprecedented defensive protocols. To isolate the intrusion, IT leadership mandated that all 28,000 TfL personnel physically travel to an official corporate location to execute emergency, in person password resets.

How Did a Takeaway Food Order Exposure Lead to Thalha Jubair’s Arrest?

Despite employing highly sophisticated defensive measures—including amnesiac operating systems engineered to leave no digital footprint and layered virtual private networks (VPNs)—Jubair was unmasked by a routine dinner delivery.

As unsealed prosecution details in US court filings reveal, Jubair utilized a cryptocurrency wallet hosted on a central server that he and his fellow Scattered Spider conspirators actively used to manage millions of dollars in extorted Bitcoin.

To purchase takeaway meals, Jubair used this specific wallet to buy gift vouchers for an unnamed online food delivery service.

The physical deliveries were dispatched directly to the high rise apartment near Bow Road station where Jubair resided with his parents. Ironically, the tower block sits directly adjacent to a Metropolitan Police call handling centre.

This cross referenced cryptographic trail provided the National Crime Agency (NCA), the City of London Police, and the US Federal Bureau of Investigation (FBI) with the definitive physical address required to execute his arrest in September 2024.

What Evidence Did Investigators Discover Against the Defendants?

The joint domestic and international law enforcement operation yielded an overwhelming repository of digital evidence that ultimately forced the eleventh hour guilty pleas.

When officers raided the Walsall residence of Owen Flowers on 6 September 2024, they seized a massive collection of electronics, including laptops, hard drives, standalone computers, and USB storage keys.

As reported by The Independent, the NCA discovered an Acer laptop that contained a direct desktop screenshot verifying live network connectivity to TfL’s private infrastructure during the ongoing breach.

Furthermore, forensic extraction revealed data confirming Flowers had visited dark web marketplaces specializing in the sale of compromised corporate credentials.

Most damagingly, the laptop held video recordings filmed by Flowers himself that visibly captured Jubair actively penetrating and navigating TfL’s secure operating environments.

How Did the Conspirators Coordinate Their Attacks?

Data analysis proved the two teenagers did not operate in isolation. Journalists at The Independent detailed that the pair used the encrypted messaging application Telegram to maintain constant real time operational contact.

They further coordinated their illicit server deployments using a shared online workspace, which enabled multiple actors across different geographic locations to collaborate concurrently on critical network intrusions.

What International Extortion Campaigns are the Suspects Linked To?

The domestic prosecution against TfL represents only a fraction of the digital crimes associated with the young men, who are tied to the broader activities of “Scattered Spider”—an English speaking cluster of cybercriminals known for high pressure social engineering and ransomware operations.

Jubair is currently subject to severe international legal pressure. According to an indictment unsealed in September 2025 by federal prosecutors in New Jersey, the US Department of Justice has charged Jubair with participating in at least 120 network intrusions and multi million dollar extortions involving 47 separate US entities.

These victims cumulatively surrendered more than $115 million (£75 million) in ransom disbursements.

KrebsOnSecurity reported that Jubair co operated an active Telegram hub known as “Star Chat,” which served as an underground center for SIM swapping operations.

These schemes utilized voice and SMS based phishing campaigns to manipulate corporate personnel at major telecom providers, allowing hackers to steal internal credentials and conduct mass single sign on (SSO) phishing sweeps.

What Other Entities Did Owen Flowers Target?

Flowers independently admitted to executing deep network intrusions against prominent US healthcare systems around the time of the TfL incident.

He formally pleaded guilty to conspiring to launch unauthorized actions against the computer servers of the SSM Health Care Corporation and attempting parallel breaches against Sutter Health.

Additionally, investigative reporting from KrebsOnSecurity linked both Flowers and Jubair to high profile ransomware campaigns impacting leading UK businesses, including the food retailer Co-op Group, Harrods, and Marks & Spencer.

Sources also allege that Flowers was the Scattered Spider operative who anonymously gave media interviews following the spectacular September 2023 ransomware attacks that crippled casino giants MGM Resorts International and Caesars Entertainment in Las Vegas.

Explore More Tower Hamlets News

Tower Hamlets Cemetery Park: The East London Memorial Preserving 125 Years of Community History

Tower Hamlets: The Historic Heart of East London Shaped by Migration, Resilience and Change

What Has Been the Official Response from Law Enforcement and TfL?

Following the entry of the guilty pleas, leadership across both law enforcement and the transport sector issued formal statements addressing the scale of the threat.

“Cybercrime may appear faceless and distant compared to other crime types, but the infiltration of TfL’s systems shows it has real-world consequences and impacts hugely on the public,” stated Paul Foster, Deputy Director and Head of the NCA’s National Cyber Crime Unit, as reported by The Independent. “The attack caused millions of pounds in losses to a key part of the UK’s critical national infrastructure and was a significant inconvenience for customers. The profile of offenders like Flowers and Jubair demonstrates the increasing threat from cybercriminals based in the UK and other English speaking countries, epitomised by Scattered Spider.”

Andy Lord, London’s Transport Commissioner, expressed his validation regarding the judicial outcome:

“We welcome the news that two people charged in relation to the cyber incident which impacted our operations in 2024 have now pleaded guilty,” Lord stated via The Independent. “The security of our systems and customer data is extremely important to us, and we continually monitor our systems to ensure only those authorised can gain access… We thank the hard work of our staff and of the National Crime Agency and partners for their investigations.”

Background of the Particular Development

The conviction of Jubair and Flowers exposes a deeply entrenched digital underground where adolescent gaming spaces serve as breeding grounds for advanced cybercrime syndicates.

Court disclosures revealed that both defendants are diagnosed with autism; Jubair additionally suffers from clinical depression and a severe mood disorder.

Jubair’s trajectory into elite cyber warfare is marked by a prolific domestic criminal history. Prior to the TfL attack, the 20 year old had already accumulated 22 prior criminal convictions, including 13 counts of fraud, two counts of unauthorised computer access, and one count of blackmail. Notably, at 17 years old, he was prosecuted for hacking major telecommunications providers BT and EE, alongside the global semiconductor corporation Nvidia.

At the exact time he was disabling London’s transit infrastructure, Jubair was actively serving a youth rehabilitation order.

Legal records indicate both teens began their computing trajectories within online gaming platforms like Roblox before graduating to complex SIM swapping circles and eventually joining the upper echelons of the Scattered Spider syndicate.

Prediction: How This Development Can Affect Critical Infrastructure and the Tech Sector

This landmark conviction will fundamentally alter how critical national infrastructure (CNI) entities, cybersecurity firms, and enterprise organizations structure their defensive and human resource frameworks.

Public transport networks, utility providers, and healthcare trusts will face immense regulatory and financial pressure to transition away from traditional multi factor authentication (MFA).

Because Scattered Spider specializes in social engineering, “MFA fatigue” attacks, and SIM swapping, organizations can no longer rely on SMS or telephone based verification codes.

This development will accelerate the mandatory adoption of hardware based, passwordless cryptographic keys across all critical public services.

Impact on Corporate Legal Strategies and Risk Assessment

The financial revelations from this case—specifically the movement of $10 million from Jubair’s wallets immediately following a temporary release from custody—will force insurance syndicates and corporate boards to dramatically recalibrate their ransomware policies.

Companies will likely face stricter compliance mandates to qualify for cyber insurance, as underwriters realize that domestic threat groups are executing attacks equal in severity to state sponsored units.

Implications for Law Enforcement and Judicial Precedent

The sentencing hearing scheduled before Mr Justice Turner on 15 and 16 July will establish a critical legal benchmark for cybercrime prosecutions involving neurodivergent, adolescent offenders.

The judiciary will have to balance the extreme financial damage (£39m domestically and over $115m internationally) against the documented mental health profiles of the defendants.

This outcome will directly dictate how future homegrown digital extortionists are handled within the British penal system.

Tower Hamlets Predator Leaks Photos, Blackmails Tower Hamlets 2026
Tower Hamlets Grants 10-Year Rent-Free Lease to Shadwell’s Glamis Playground​
Tower Hamlets Council Faces Urgent Audit Warnings from Ernst & Young
Baldock Statue Stolen: Parks Safe? 2026
 Tower Hamlets Councillors Reject Debate on Government Takeover Threat
News Desk
ByNews Desk
Follow:
Independent voice of East London, delivering timely news, local insights, politics, business, and community stories with accuracy and impact.
Previous Article Waltham Forest Planning Submissions: New Properties Registered in Walthamstow 2026 Waltham Forest Planning Submissions: New Properties Registered in Walthamstow 2026
Next Article Man Utd Battle Spurs and Fulham for Crysencio Summerville | London 2026 Man Utd Battle Spurs and Fulham for Crysencio Summerville | London 2026
East London Times footer logo

All the day’s headlines and highlights from East London Times, direct to you every morning.

Area We Cover

  • Hackney News
  • Havering News
  • Newham News
  • South East London News
  • Redbridge News
  • Tower Hamlets News
  • Waltham Forest News

Explore News

  • Crime News​
  • Fire News
  • Police News
  • Live Traffic & Travel News
  • Sports News

Discover ELT

  • About East London Times (ELT)
  • Become ELT Reporter
  • Contact East London Times (ELT)
  • Street Journalism Training Programme (Online Course)
  • Politicians
  • Journalists
  • Contributors

Useful Links

  • Privacy Policy
  • Cookies Policy
  • Report an Error
  • Sitemap
  • Code of Ethics
  • Help & Resources

East London Times (ELT) is the part of Times Intelligence Media Group. Visit timesintelligence.com website to get to know the full list of our news publications

East London Times (ELT) © 2026 - All Rights Reserved
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?