A cybersecurity expert has warned that an uptick in cyber attacks conducted by youths should be a “wake-up call” after two teens were charged following an attack on TfL last year.
Thalha Jubair, 19, and Owen Flowers, 18, were arrested following raids by the National Crime Agency (NCA) and City of London Police earlier this week.
The duo appeared at Westminster Magistrates Court on Thursday and were charged under the Computer Misuse Act for their alleged targeting of the rail operator..
TfL fell victim to a cyber attack last year which severely disrupted systems and cost the rail operator upwards of £31 million in damages. In a statement coinciding with the arrests this week, the NCA said it believes the attack was carried out by the notorious cyber crime group, Scattered Spider.
“Today’s charges are a key step in what has been a lengthy and complex investigation,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
Jubair and Flowers have both been remanded in custody and are set to appear at Southwark Crown Court at a later date.
Tech-savvy teens need a positive outlet
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the arrests should serve as a “wake-up call” for authorities and highlights a failure to “properly engage a generation growing up in a digital-first world”.
“Young people don’t usually turn to online mischief out of malice - it’s often down to a mixture of boredom, technical skills, and a lack of boundaries,” she said.
“They’re driven by a desire for challenge, recognition, and control. And if no one offers them a positive outlet, the internet becomes their playground—and eventually, their battlefield. So, how do we break the cycle?”
Chung said a concerted effort toward teaching young people digital ethics and making it a “part of core education” will be crucial to preventing future incidents.
“Give them a mission,” she said. “Channel their curiosity into something meaningful: ethical hacking challenges, capture-the-flag competitions, and open source contributions. Let them see that their skills have real value.”
Schools are dealing with a wave of kid hackers
Gupta’s call to action comes just weeks after a report from the Information Commissioner's Office (ICO) warned tech-savvy kids have caused havoc at schools across the country.
A report by the data protection watchdog highlighted security failings across the education sector, but emphasized that many incidents were caused by kids themselves.
The ICO found students were using techniques to bypass security and network controls. In one incident, three Year 11 students accessed a secondary school’s information management system which held personal information on around 1,400 students.
Another saw a student access a college’s information management system then viewed, amended and deleted personal information. The system stored details on more than 9,000 staff, students, and applicants.
Echoing Gupta’s comments, Heather Toomey, principal cyber specialist at the ICO, warned the trend ultimately has the potential to snowball into more nefarious activities further down the line.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The best online cybersecurity courses to kickstart your career
- Cybersecurity certification vs degree: Which is best for your career?
- Want to get into coding? Here's our top picks for free online bootcamps
-
Audit and security professionals must step up to govern AI – before it governs usNew ISACA credentials introduced to tackle the challenge of AI preparedness amongst audit and security management professionals
-
Check Point buys Lakera to secure the full enterprise AI lifecycleNews Lakera’s AI-native security will be integrated with Check Point's Infinity architecture to deliver full end-to-end AI security coverage
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
BreachForums founder resentenced to three years in prisonNews A US appeals court vacated his previous sentence and remanded the case for resentencing
-
Jaguar Land Rover says IT disruption set to continueNews The automotive manufacturer is still not fully operational after the recent cyber attack
-
Nearly 700,000 customers impacted after insider attack at US fintech firmNews FinWise, which provides loans on behalf of US financial services firms, revealed a former employee accessed sensitive customer information after leaving the firm.
-
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracksNews The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
