‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attack
Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
A cybersecurity expert has warned that an uptick in cyber attacks conducted by youths should be a “wake-up call” after two teens were charged following an attack on TfL last year.
Thalha Jubair, 19, and Owen Flowers, 18, were arrested following raids by the National Crime Agency (NCA) and City of London Police earlier this week.
The duo appeared at Westminster Magistrates Court on Thursday and were charged under the Computer Misuse Act for their alleged targeting of the rail operator..
TfL fell victim to a cyber attack last year which severely disrupted systems and cost the rail operator upwards of £31 million in damages. In a statement coinciding with the arrests this week, the NCA said it believes the attack was carried out by the notorious cyber crime group, Scattered Spider.
“Today’s charges are a key step in what has been a lengthy and complex investigation,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
Jubair and Flowers have both been remanded in custody and are set to appear at Southwark Crown Court at a later date.
Tech-savvy teens need a positive outlet
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the arrests should serve as a “wake-up call” for authorities and highlights a failure to “properly engage a generation growing up in a digital-first world”.
“Young people don’t usually turn to online mischief out of malice - it’s often down to a mixture of boredom, technical skills, and a lack of boundaries,” she said.
“They’re driven by a desire for challenge, recognition, and control. And if no one offers them a positive outlet, the internet becomes their playground—and eventually, their battlefield. So, how do we break the cycle?”
Chung said a concerted effort toward teaching young people digital ethics and making it a “part of core education” will be crucial to preventing future incidents.
“Give them a mission,” she said. “Channel their curiosity into something meaningful: ethical hacking challenges, capture-the-flag competitions, and open source contributions. Let them see that their skills have real value.”
Schools are dealing with a wave of kid hackers
Gupta’s call to action comes just weeks after a report from the Information Commissioner's Office (ICO) warned tech-savvy kids have caused havoc at schools across the country.
A report by the data protection watchdog highlighted security failings across the education sector, but emphasized that many incidents were caused by kids themselves.
The ICO found students were using techniques to bypass security and network controls. In one incident, three Year 11 students accessed a secondary school’s information management system which held personal information on around 1,400 students.
Another saw a student access a college’s information management system then viewed, amended and deleted personal information. The system stored details on more than 9,000 staff, students, and applicants.
Echoing Gupta’s comments, Heather Toomey, principal cyber specialist at the ICO, warned the trend ultimately has the potential to snowball into more nefarious activities further down the line.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The best online cybersecurity courses to kickstart your career
- Cybersecurity certification vs degree: Which is best for your career?
- Want to get into coding? Here's our top picks for free online bootcamps
-
AI-generated code is fast becoming the biggest enterprise security riskNews Security teams are scrambling to catch AI-generated flaws that appear correct before disaster strikes
-
Sundar Pichai hails AI gains as Google Cloud, Gemini growth surgesNews The company’s cloud unit beat Wall Street expectations as it continues to play a key role in driving AI adoption
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
-
The FBI has seized the RAMP hacking forum, but will the takedown stick? History tells us otherwiseNews Billing itself as the “only place ransomware allowed", RAMP catered mainly for Russian-speaking cyber criminals
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struckNews A single misconfiguration could have allowed attackers to inject malicious code to launch a platform-wide compromise
