‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attack
Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
A cybersecurity expert has warned that an uptick in cyber attacks conducted by youths should be a “wake-up call” after two teens were charged following an attack on TfL last year.
Thalha Jubair, 19, and Owen Flowers, 18, were arrested following raids by the National Crime Agency (NCA) and City of London Police earlier this week.
The duo appeared at Westminster Magistrates Court on Thursday and were charged under the Computer Misuse Act for their alleged targeting of the rail operator..
TfL fell victim to a cyber attack last year which severely disrupted systems and cost the rail operator upwards of £31 million in damages. In a statement coinciding with the arrests this week, the NCA said it believes the attack was carried out by the notorious cyber crime group, Scattered Spider.
“Today’s charges are a key step in what has been a lengthy and complex investigation,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
Jubair and Flowers have both been remanded in custody and are set to appear at Southwark Crown Court at a later date.
Tech-savvy teens need a positive outlet
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the arrests should serve as a “wake-up call” for authorities and highlights a failure to “properly engage a generation growing up in a digital-first world”.
“Young people don’t usually turn to online mischief out of malice - it’s often down to a mixture of boredom, technical skills, and a lack of boundaries,” she said.
“They’re driven by a desire for challenge, recognition, and control. And if no one offers them a positive outlet, the internet becomes their playground—and eventually, their battlefield. So, how do we break the cycle?”
Chung said a concerted effort toward teaching young people digital ethics and making it a “part of core education” will be crucial to preventing future incidents.
“Give them a mission,” she said. “Channel their curiosity into something meaningful: ethical hacking challenges, capture-the-flag competitions, and open source contributions. Let them see that their skills have real value.”
Schools are dealing with a wave of kid hackers
Gupta’s call to action comes just weeks after a report from the Information Commissioner's Office (ICO) warned tech-savvy kids have caused havoc at schools across the country.
A report by the data protection watchdog highlighted security failings across the education sector, but emphasized that many incidents were caused by kids themselves.
The ICO found students were using techniques to bypass security and network controls. In one incident, three Year 11 students accessed a secondary school’s information management system which held personal information on around 1,400 students.
Another saw a student access a college’s information management system then viewed, amended and deleted personal information. The system stored details on more than 9,000 staff, students, and applicants.
Echoing Gupta’s comments, Heather Toomey, principal cyber specialist at the ICO, warned the trend ultimately has the potential to snowball into more nefarious activities further down the line.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The best online cybersecurity courses to kickstart your career
- Cybersecurity certification vs degree: Which is best for your career?
- Want to get into coding? Here's our top picks for free online bootcamps
-
Everpure CEO says firm will 'share the pain' with customers amid rising hardware costsNews The Everpure chief thanked customers for “sticking with us” at Pure Accelerate 2026
-
HPE Discover 2026 Live: all the news and announcements as they happenFollow along for key insights from CTO Fidelma Russo's day 2 keynote at HPE Discover 2026
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Tycoon 2FA is down, but not out – researchers warn the phishing as a service operation is still a huge threat to businessesNews Millions of Tycoon 2FA attacks are still hitting businesses, according to research from Barracuda
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
Interpol teams up with tech firms to seize 45,000 malicious IPs, servers in global cyber crime crackdownNews Operation Synergia III saw 94 arrests - and counting - with malicious IP addresses used in phishing and fraud schemes seized
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Cloudflare warns state-backed hackers are ‘weaponizing legitimate enterprise ecosystems’ as ‘living off the land’ attacks surge
News Chinese, North Korean, and Russian-backed threat groups now favor longer-term compromises over brute force attacks
