‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attack
Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
A cybersecurity expert has warned that an uptick in cyber attacks conducted by youths should be a “wake-up call” after two teens were charged following an attack on TfL last year.
Thalha Jubair, 19, and Owen Flowers, 18, were arrested following raids by the National Crime Agency (NCA) and City of London Police earlier this week.
The duo appeared at Westminster Magistrates Court on Thursday and were charged under the Computer Misuse Act for their alleged targeting of the rail operator..
TfL fell victim to a cyber attack last year which severely disrupted systems and cost the rail operator upwards of £31 million in damages. In a statement coinciding with the arrests this week, the NCA said it believes the attack was carried out by the notorious cyber crime group, Scattered Spider.
“Today’s charges are a key step in what has been a lengthy and complex investigation,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
Jubair and Flowers have both been remanded in custody and are set to appear at Southwark Crown Court at a later date.
Tech-savvy teens need a positive outlet
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the arrests should serve as a “wake-up call” for authorities and highlights a failure to “properly engage a generation growing up in a digital-first world”.
“Young people don’t usually turn to online mischief out of malice - it’s often down to a mixture of boredom, technical skills, and a lack of boundaries,” she said.
“They’re driven by a desire for challenge, recognition, and control. And if no one offers them a positive outlet, the internet becomes their playground—and eventually, their battlefield. So, how do we break the cycle?”
Chung said a concerted effort toward teaching young people digital ethics and making it a “part of core education” will be crucial to preventing future incidents.
“Give them a mission,” she said. “Channel their curiosity into something meaningful: ethical hacking challenges, capture-the-flag competitions, and open source contributions. Let them see that their skills have real value.”
Schools are dealing with a wave of kid hackers
Gupta’s call to action comes just weeks after a report from the Information Commissioner's Office (ICO) warned tech-savvy kids have caused havoc at schools across the country.
A report by the data protection watchdog highlighted security failings across the education sector, but emphasized that many incidents were caused by kids themselves.
The ICO found students were using techniques to bypass security and network controls. In one incident, three Year 11 students accessed a secondary school’s information management system which held personal information on around 1,400 students.
Another saw a student access a college’s information management system then viewed, amended and deleted personal information. The system stored details on more than 9,000 staff, students, and applicants.
Echoing Gupta’s comments, Heather Toomey, principal cyber specialist at the ICO, warned the trend ultimately has the potential to snowball into more nefarious activities further down the line.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The best online cybersecurity courses to kickstart your career
- Cybersecurity certification vs degree: Which is best for your career?
- Want to get into coding? Here's our top picks for free online bootcamps
-
Meta engineer trusted advice from an AI agent, ended up exposing user dataNews The internal security incident exposed sensitive user data to unauthorized employees
-
Stryker hackers struck by FBI in domain seizure campaignNews The domain seizures come hot on the heels of Handala's devastating attack on the medical tech firm
-
Interpol teams up with tech firms to seize 45,000 malicious IPs, servers in global cyber crime crackdownNews Operation Synergia III saw 94 arrests - and counting - with malicious IP addresses used in phishing and fraud schemes seized
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in lifeNews With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Cloudflare warns state-backed hackers are ‘weaponizing legitimate enterprise ecosystems’ as ‘living off the land’ attacks surge
News Chinese, North Korean, and Russian-backed threat groups now favor longer-term compromises over brute force attacks
-
DIY hackers are turning to ‘flat-pack’ malware components to speed up attacks and cut costsNews While these malware campaigns are very basic, researchers noted “they still work”
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
