🕷️ The US will get you: British Teens Charged in Global Cybercrime Spree

This case marks a watershed moment in international cybercrime enforcement. It highlights the growing threat posed by young, tech-savvy cybercriminals and emphasises the importance of cross-border cooperation among agencies such as the FBI, NCA, and CPS.

It also shows us that no one is beyond the reach of the US if they want to get you

FBI Cyber Division, Brett Leatherman said

• “No cyber-[CRIMINAL] is beyond our reach…
• If you attack American companies or citizens,
• we will find you,
• we will expose you, and
• we will seek justice.”

Overview

In a significant international cybercrime investigation, Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, have been charged in connection with a massive cyber-attack on Transport for London (TfL) and a series of ransomware extortion schemes targeting U.S. entities. Authorities allege the pair are members of the notorious Scattered Spider group, responsible for at least 120 network intrusions and $115 million in ransom payments.

UK Charges: TfL Hack

On 31 August 2024, TfL suffered a network intrusion that disrupted IT systems, exposed personal data of over 5,000 passengers, and cost the organisation £30 million in recovery efforts.

• Charges:
• Conspiracy to commit unauthorised acts under the Computer Misuse Act
• Flowers additionally charged with attacks on SSM Health Care Corporation and Sutter Health in the U.S.
• Jubair charged under RIPA for refusing to disclose device passwords
• Impact:
• Disruption to concession card services (Zip, 60+ Oyster)
• Ongoing system outages, including TfL’s “jam cams” feed
• Thousands of Londoners left out of pocket

U.S. DOJ Indictment: Ransomware & Extortion

On 18 September 2025, the U.S. Department of Justice unsealed a complaint charging Thalha Jubair with:

• Conspiracy to commit computer fraud, wire fraud, and money laundering
• Involvement in at least 120 cyberattacks targeting 47 U.S. entities
• Use of social engineering to infiltrate networks, encrypt data, and demand ransom
• Laundering funds through crypto wallets, including $8.4 million transferred during a server seizure

🧠 Who Are Scattered Spider?

Also known as:

• Octo Tempest
• UNC3944
• 0ktapus

This group is known for:

• Targeting critical infrastructure
• Using SIM swapping, phishing, and social engineering
• Operating across the U.S., UK, and other English-speaking countries

Legal Proceedings

• UK Hearing: Westminster Magistrates Court, 18 September 2025
• U.S. Charges: Filed in the District of New Jersey
• Maximum Penalty: Jubair faces up to 95 years in prison if convicted

Final Thoughts

This case marks a watershed moment in international cybercrime enforcement. It highlights the growing threat posed by young, tech-savvy cybercriminals and emphasises the importance of cross-border cooperation among agencies such as the FBI, NCA, and CPS.

Key Sources

• U.S. DOJ Press Release https://www.justice.gov/opa/pr/united-kingdom-national-charged-connection-multiple-cyber-attacks-including-critical
• National Crime Agency Statement https://www.nationalcrimeagency.gov.uk/news/two-charged-for-tfl-cyber-attack
• Yahoo News Coverage  https://uk.news.yahoo.com/teenagers-charged-tfl-cyber-attack-132218562.html