Views Bangladesh Logo

British-Bangladeshi hacker jailed over cyberattack that crippled London transport

VB Desk,  International

VB Desk, International

A British court has sentenced two young hackers, including a British-Bangladeshi, to five-and-a-half years in prison for carrying out a major cyberattack that crippled Transport for London (TfL), disrupted services for months and exposed the personal data of millions of passengers.

The sentence was handed down by Woolwich Crown Court on Thursday (July 16) against Talha Zubair, 20, and his British accomplice Owen Flowers, 18, who were found to have played key roles in the 2024 attack as members of the notorious cybercrime group Scattered Spider.

The cyberattack severely disrupted TfL's digital infrastructure, forcing the transport authority to suspend several online services and requiring 27,000 employees to reset their passwords in person after hackers gained extensive access to internal systems.

According to TfL, the attack caused £29 million in direct losses, with an additional £10 million lost due to service disruption.

Investigators said the pair infiltrated TfL's network on 31 August 2024 and continued accessing the system until 3 September, eventually obtaining administrator-level control. To contain the breach, TfL was forced to disconnect its entire network, resulting in widespread operational disruption.

The court heard that Flowers recorded and livestreamed the 16-hour hacking operation, while Zubair shared the footage in a Telegram group and boasted about causing chaos across London's transport network. The pair later searched for personal information of high-profile London figures and attempted to access banking data.

In one online message, Flowers reportedly wrote: "Scattered Spider is spinning its web on the London Underground."

Britain's National Crime Agency (NCA) warned that the growing involvement of young hackers in organised cybercrime has become one of the country's most serious cybersecurity threats.

The court described both defendants as "lonely computer-obsessed young men" who spent most of their time online with little supervision. While sentencing them, the judge considered their age and autism diagnoses as mitigating factors.

Police said Flowers had previously received a warning for cybercrime at the age of 16 and was arrested in September 2024 while allegedly hacking two US healthcare organisations. Authorities also seized cryptocurrency worth nearly £1 million from him.

Zubair's family migrated to London from Bangladesh. He began learning programming after receiving his first laptop at the age of 10 and established links with online criminal groups by the age of 13. He was first arrested at 14 and later received a Youth Rehabilitation Order in 2023 for participating in cyberattacks against companies including Nvidia and BT as part of the Lapsus$ hacking group.

Court documents revealed that Zubair has 22 previous convictions related to hacking, fraud and harassment. He is also accused in the United States of involvement in cyberattacks targeting 47 organisations, with investigators alleging that he and his associates collected $15 million in ransom payments.

Despite gaining access to millions of pounds worth of cryptocurrency, investigators believe the pair were driven more by online notoriety and recognition than financial gain.

Leave A Comment

Avatar

Trending Views