Owen Flowers, then 17, laughed as police arrested him for a cyber attack on Transport for London (TfL) that caused £29 million in damage and nearly forced the network to shut down, body-worn camera footage shows. Flowers and Thalha Jubair, now aged 20, were each sentenced to five years and six months in prison at Woolwich Crown Court on July 16, 2026, for the intrusion between August 31 and September 3, 2024.
Attack Details and Impact
The pair infiltrated TfL's online network, forcing all 27,000 employees to attend offices in person to reset passwords. The National Crime Agency (NCA) described the damage as “catastrophic,” with TfL nearly having to “pull the plug” on its systems. The hackers worked through the night for 16 hours, tricking the helpdesk into resetting a password and then using TfL’s own Microsoft Azure systems to hack further.
Flowers, from Walsall, West Midlands, was arrested at his home wearing a grey t-shirt and green shorts. In released footage, he chuckles at an arresting officer. Jubair, from Tower Hamlets, was led glum-faced into a police van, wearing a hoodie. Both were arrested by the NCA and City of London Police.
Background and Motivation
The NCA stated Flowers lived with his grandmother and uncle, spending most of his time gaming and on chat forums. No ransom was demanded, suggesting motivation was “kudos within the cybercriminal community.” Both were linked to the Scattered Spider group, which has also targeted Jaguar Land Rover and Marks and Spencer. Jubair lived in a council block in Bow; his mother was a carer and his father a care assistant.
Judge took into account their young ages and neurodivergence but noted Jubair's “history of offending” showed “persistence” and he was “undeterred” by previous investigations. Flowers livestreamed Jubair conducting the hack; some videos were recovered upon his arrest on September 6, 2024. The pair discussed “nuking access” to servers.
Broader Cyber Threat
The NCA described the threat from serious and organised cybercrime to the UK as “very high.” While some UK attackers seek notoriety, most are foreign criminals after financial gain. Data theft remains the most common method due to increased online dependence.



