The U.S. Division of Justice on Thursday unsealed federal costs in opposition to British teenager Thalha Jubair, who prosecutors accuse of being concerned in at the very least 120 cyberattacks, together with the U.S. Courts system, and the extortion of dozens of U.S. firms.
Jubair, 19, was arrested on Tuesday at his house in East London, in accordance with a assertion by the Nationwide Crime Company. He appeared in courtroom on Thursday morning in London alongside one other teenager, Owen Flowers, 18. Each are accused of involvement in a 2024 cyberattack focusing on Transport for London, the federal government physique that oversees the London public transit system, which resulted in a knowledge breach and a monthslong restoration effort.
The Nationwide Crime Company stated the hack on the London transit system’s IT community was attributed to the Scattered Spider hacking group.
Each Jubair and Flowers have been taken into custody to seem in courtroom at a later date, per BBC Information.
Scattered Spider is an English-speaking group of financially motivated cybercriminals, largely youngsters and younger adults, who’re generally known as “superior persistent youngsters” for his or her expert and repeated cyberattacks. These hackers are recognized for his or her potential to hack into massive numbers of firms usually by utilizing comparatively easy social engineering methods, like calling up an organization’s IT helpdesk pretending to be an worker who forgot their password and now wants a brand new one.
These hackers are additionally recognized for his or her involvement with different hackers via a nebulous cyber collective known as “the Com,” referring to the cybercrime neighborhood that generally crosses into the true world by utilizing bodily threats and violence, together with swatting.
Federal costs for focusing on U.S. firms
As a part of a separate set of federal costs filed in New Jersey, U.S. prosecutors stated Jubair additionally faces laptop hacking, extortion, and cash laundering costs in relation to dozens of hacks that noticed company victims pay over $115 million in ransom funds.
In its prison grievance, the FBI stated in July 2024 it seized servers they consider are run by Jubair, and located proof that Jubair was allegedly concerned in hacks of at the very least 120 firms, together with 47 firms in america.
In accordance with prosecutors, Jubair used social engineering methods to interrupt into firm networks to steal inner knowledge, encrypt the sufferer’s servers, then extort the victims into paying the hackers to unlock the information.
One of many sufferer firms included a vital infrastructure firm primarily based in New Jersey. The FBI stated it discovered proof on one of many servers allegedly run by Jubair that included greater than a gigabyte of information stolen from the vital infrastructure firm, in addition to shopping historical past that confirmed obvious proof of logging into the vital infrastructure firm’s servers.
One other breach the FBI allegedly pinned on Jubair additionally concerned entry to the U.S. Courts system.
Throughout January 2025, Jubair and the opposite hackers allegedly contacted the U.S. Courts’ helpdesk to achieve entry to 3 person accounts, together with one belonging to a federal Justice of the Peace decide, to seek for data associated to “Scattered Spider.”
The hackers additionally used one of many hacked accounts to submit an emergency data disclosure request of buyer data to an unnamed monetary companies supplier, a typical tactic utilized by these hackers to trick firms into turning over person data in response to what they suppose is a reputable authorized request.
The FBI stated Jubair’s seized server was “used to conduct searches” associated to the U.S. Courts hack and was used to ship the emergency request to the monetary agency.
Bloomberg first reported in August that the Scattered Spider hackers broke into the U.S. Courts system to seek for data associated to the hackers, together with the sealed indictment of 1 now-convicted member of Scattered Spider, Noah City.
Jubair’s servers allegedly contained a cryptocurrency pockets storing round $36 million on the time it was seized, a lot of it traceable to the businesses who paid the ransoms, in accordance with the FBI. However the FBI stated Jubair allegedly transferred out round $8.4 million from the pockets because the FBI was taking management of the server.
It’s not instantly clear if the Division of Justice has or will search Jubair’s extradition, and a DOJ spokesperson didn’t instantly remark.
