Stay updated with the latest Cybersecurity News on our TecnetBlog.

Scattered Spider Teens Plead Not Guilty in TfL Cyberattack Case

Written by Adriana Aguilar | Nov 24, 2025 4:40:21 PM

The case of two British teenagers linked to the Scattered Spider group has reignited alarm over early recruitment, international operations, and the growing sophistication of cybercriminal actors. During a hearing at Southwark Crown Court, both defendants pleaded not guilty to participating in the cyberattack that affected Transport for London (TfL), the agency that manages public transportation in London.

At TecnetOne, we view these incidents with concern, as they reflect a growing trend: young people with strong digital skills becoming involved in global campaigns targeting critical infrastructure.

 

Who Are the Accused and What Are They Charged With?

 

The defendants, 19-year-old Thalha Jubair—known online as EarthtoStar, Brad, Austin, or @autistic—and 18-year-old Owen Flowers, were arrested by the UK’s National Crime Agency (NCA) in September 2025. Their arrests took place at their homes in East London and Walsall.

During the hearing, both confirmed their names and denied conspiracy charges relating to unauthorized acts against TfL’s technological network.

These charges fall under the Computer Misuse Act, one of the UK’s strictest laws governing cybercrime.

 

How the Investigation Began: The TfL Attack

 

In August 2024, TfL was hit by a cyberattack that disrupted internal operations and systems connected to London’s mobility infrastructure. Although the direct impact was contained, the attack exposed vulnerabilities in one of the city’s most critical public services.

The NCA stated early on that the intrusion displayed patterns linked to Scattered Spider—one of the most aggressive and disruptive cybercriminal groups in recent years, known for social engineering, large-scale intrusions, and infiltrating corporate networks.

This led authorities to investigate several young Britons with suspected direct or indirect ties to the organization, including Jubair and Flowers.

 

Read more: Scattered Spider: The Arrest of a Suspect

 

Scattered Spider: A Group With a Global Footprint

 

This collective, also known as “Octo Tempest,” has been involved in attacks on:

 

  1. Healthcare systems

 

  1. Transportation networks

 

  1. Telecommunications companies

 

  1. Financial services

 

  1. U.S. federal courts

 

Their operations combine advanced techniques with social engineering, convincing high-level employees to surrender credentials or grant access to critical systems. Because of this sophistication, international authorities consider them among the most dangerous groups in the current cybercrime landscape.

 

Additional Charges: U.S. Intrusions

 

Although the media spotlight is on the TfL case, the accusations against the teenagers go beyond the UK.

Case documents reveal that:

 

  1. Flowers had already been arrested in 2024 for attacks on U.S. healthcare networks.

 

  1. Jubair faces charges in New Jersey for conspiracy to commit computer fraud, wire fraud, and money laundering.

 

The U.S. Department of Justice claims Jubair participated in at least 120 network intrusions, affecting 47 organizations and contributing to extortion schemes exceeding $115 million.

This places the young man among the highest-responsibility operators within Scattered Spider, according to U.S. authorities.

 

Charges With Extremely Severe Penalties

 

The offenses the two young men face are among the most serious under UK cybercrime law. The accusations include:

 

  1. Conspiracy to commit unauthorized acts in computer systems

 

  1. Causing severe disruption to public infrastructure networks

 

  1. Risking significant harm to organizations and users

 

In their most severe form, these charges can carry life sentences. While such penalties are unlikely, they reflect how governments are increasingly prioritizing cyberattacks against essential services.

 

A Case That Shows the Urgent Need for Digital Education and Prevention

 

A worrying pattern emerges: more young people with high technical skills are being drawn into global cybercrime networks, where quick profits and perceived anonymity are appealing.

At TecnetOne, we emphasize three essential points:

 

  1. Cybersecurity education must include digital ethics—not just technical skills.

 

  1. Companies need stronger internal defenses, as groups like Scattered Spider exploit human error more than technical flaws.

 

  1. International cooperation is crucial, as attackers operate without borders.

 

This case is not only newsworthy because of the TfL attack, but because of what it represents: a new generation of cybercriminals—younger, more distributed, and highly capable.

 

You might also be interested in: Lethal Hacker Alliance: ShinyHunters and Scattered Spider Strike

 

What You Can Learn From This Case

 

Even if it feels distant, the Scattered Spider case highlights key lessons for any business or institution:

 

  1. Social engineering remains the most common entry point.

 

  1. Attackers are now global networks—not isolated hackers.

 

  1. Transportation, healthcare, and finance are prime targets.

 

  1. Early detection and continuous monitoring are essential.

 

  1. Ignoring small warning signs can lead to multimillion-dollar breaches.

 

And importantly, global justice systems are becoming increasingly coordinated, even when the suspects are under 20.

 

Conclusion

 

The legal proceedings against these two young men reflect the current state of global cybersecurity. This is not just about an attack on TfL—it is a clear example of how today’s cybercriminals operate: young, globally distributed, tied to powerful groups, and capable of causing massive damage.

Digital security is no longer optional—it is urgent. At TecnetOne, we continue insisting that the best defense is not reacting to the attack, but anticipating it.

 
View full post