2 Hackers Plead Guilty to Scattered Spider Attacks in UK, US

By Chris Summers
Chris Summers is a UK-based journalist covering a wide range of national stories, with a particular interest in crime, policing and the law.
June 23, 2026 (Updated: June 23, 2026)

Two hackers, teenagers at the time of their offense, pleaded guilty on June 22 to a series of cyberattacks on targets in the UK and the United States.

Thalha Jubair, 20, from London, and Owen Flowers, 18, from Walsall, near Birmingham, pleaded guilty at Woolwich Crown Court in London on the first day of their trial for offenses under the UK’s Computer Misuse Act.

The UK’s National Crime Agency (NCA) said the pair, who were members of an online criminal network called Scattered Spider, mounted a cyberattack on Transport for London (TfL), which cost it tens of millions of dollars and affected thousands of passengers traveling in and around the British capital in the summer of 2024.

In a statement, NCA said it launched an investigation, along with the City of London Police, after TfL’s network was infiltrated between Aug. 31 and Sept. 3, 2024.

2 US Healthcare Providers Targeted

Flowers was initially arrested on Sept. 6, 2024, and at that point, the NCA found evidence that the networks of two U.S. healthcare providers, SSM Health Care Corporation and Sutter Health, had been infiltrated and damaged.

SSM is a Catholic, nonprofit health system covering Illinois, Missouri, Oklahoma, and Wisconsin, while California-based Sutter Health is one of the largest nonprofit health systems and serves 3.5 million Americans.

NCA said investigators found several laptops, tower computers, hard drives, and USB sticks at Flowers’s home.

“One Acer laptop contained a screenshot showing network connectivity to TfL infrastructure,” the agency said. “Flowers had also accessed an online tool selling breached credentials.”

NCA said it also found videos Flowers had recorded, showing Jubair accessing TfL systems during the 2024 attack.

“The pair were messaging each other over Telegram at the same time and also communicated via an online tool where multiple participants can work remotely on a common workspace,” NCA said.

Jubair, who was 19 at the time, and Flowers were finally arrested and charged on Sept. 16, 2025.

On Sept. 18, 2025, the U.S. Department of Justice (DOJ) announced that a complaint had been filed in New Jersey charging Jubair with conspiracies to commit computer fraud, wire fraud, and money laundering, in relation to at least 120 computer network intrusions and extortions involving 47 U.S. entities.

$115 Million in Ransomware Payments

The complaint, which was unsealed on Sept. 18, 2025, alleges the victims paid a total of $115 million in ransom payments.

The DOJ said Jubair used the online pseudonyms “EarthtoStar,” “Brad,” “Austin,” and “@autistic,” and “conspired with others to use social engineering techniques to gain unauthorized access into the computer networks of U.S. companies, steal and encrypt information, and demand ransom payments from victims in exchange for regaining control and preventing the dissemination of the exfiltrated data.”

The Epoch Times reported last year on the widespread practice of making secret payments to ransomware gangs like Scattered Spider.

The number of reported ransomware attacks worldwide in 2024 was 5,289, up by 15 percent from 2023, according to the U.S. Office of the Director of National Intelligence.

But Andy Jenkinson, a fellow at the Cyber Theory Institute and author of the book “Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare,” told The Epoch Times that those figures do not include the vast majority of attacks that were not reported.

“Scattered Spider and all other so-called cyber criminals use OSINT [Open-Source Intelligence] to easily identify gaps to gain access and exploit,” Jenkinson told The Epoch Times.

“These gaps are a direct result of suboptimal security and the false narratives of what good security should be like; meanwhile, critical security is ignored.

“The bigger concern is why organizations and Five Eyes are so hypocritical with the one hand warning and pleading sophisticated attacks, whilst the reality is basic security negligence.”

Paul Foster, the head of NCA’s National Cyber Crime Unit, said the investigation into Jubair and Flowers had been “lengthy, highly complex and painstaking.”

‘Real-World Consequences’

“Cyber crime may appear faceless and distant compared to other crime types, but the infiltration of TfL’s systems shows it has real-world consequences and impacts hugely on the public,” Foster said.

“The attack caused millions of pounds in losses to a key part of the UK’s critical national infrastructure, and was a significant inconvenience for customers.

“The profile of offenders like Flowers and Jubair demonstrates the increasing threat from cyber criminals based in the UK and other English-speaking countries, epitomized by Scattered Spider.”

Jubair and Flowers will be sentenced on July 16 and face up to 10 years in jail.

It was not immediately clear whether Jubair and Flowers had legal representatives who could comment on their behalf.

The Epoch Times reached out to the DOJ for comment but did not receive a response by publication time.