A cybersecurity expert has warned that an uptick in cyber attacks conducted by youths should be a “wake-up call” after two teens were charged following an attack on TfL last year.
Thalha Jubair, 19, and Owen Flowers, 18, were arrested following raids by the National Crime Agency (NCA) and City of London Police earlier this week.
The duo appeared at Westminster Magistrates Court on Thursday and were charged under the Computer Misuse Act for their alleged targeting of the rail operator..
TfL fell victim to a cyber attack last year which severely disrupted systems and cost the rail operator upwards of £31 million in damages. In a statement coinciding with the arrests this week, the NCA said it believes the attack was carried out by the notorious cyber crime group, Scattered Spider.
“Today’s charges are a key step in what has been a lengthy and complex investigation,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
Jubair and Flowers have both been remanded in custody and are set to appear at Southwark Crown Court at a later date.
Tech-savvy teens need a positive outlet
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the arrests should serve as a “wake-up call” for authorities and highlights a failure to “properly engage a generation growing up in a digital-first world”.
“Young people don’t usually turn to online mischief out of malice - it’s often down to a mixture of boredom, technical skills, and a lack of boundaries,” she said.
“They’re driven by a desire for challenge, recognition, and control. And if no one offers them a positive outlet, the internet becomes their playground—and eventually, their battlefield. So, how do we break the cycle?”
Chung said a concerted effort toward teaching young people digital ethics and making it a “part of core education” will be crucial to preventing future incidents.
“Give them a mission,” she said. “Channel their curiosity into something meaningful: ethical hacking challenges, capture-the-flag competitions, and open source contributions. Let them see that their skills have real value.”
Schools are dealing with a wave of kid hackers
Gupta’s call to action comes just weeks after a report from the Information Commissioner's Office (ICO) warned tech-savvy kids have caused havoc at schools across the country.
A report by the data protection watchdog highlighted security failings across the education sector, but emphasized that many incidents were caused by kids themselves.
The ICO found students were using techniques to bypass security and network controls. In one incident, three Year 11 students accessed a secondary school’s information management system which held personal information on around 1,400 students.
Another saw a student access a college’s information management system then viewed, amended and deleted personal information. The system stored details on more than 9,000 staff, students, and applicants.
Echoing Gupta’s comments, Heather Toomey, principal cyber specialist at the ICO, warned the trend ultimately has the potential to snowball into more nefarious activities further down the line.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The best online cybersecurity courses to kickstart your career
- Cybersecurity certification vs degree: Which is best for your career?
- Want to get into coding? Here's our top picks for free online bootcamps
-
Tired of legal AI tools that overpromise but underdeliver? The secret to success is in your firm’s dataSponsored Don't let legal AI tools overpromise and underdeliver: the secret to success isn't the software, but building a secure, stable, and connected data foundation that transforms your firm's complex, siloed information into structured knowledge.
-
Cisco wants to take AI closer to the edgeNews The new “integrated computing platform” from Cisco aims to support AI workloads at the edge
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
