Two British teenagers charged with Computer Misuse Act offenses over a cyberattack on Transport for London (TfL) last year pleaded not guilty during a court appearance on Friday.
Thalha Jubair, 19, and Owen Flowers, 18, were arrested at their homes in East London and Walsall, respectively, by officers from the National Crime Agency (NCA) in September. They appeared at London’s Southwark Crown Court on Friday to enter their pleas.
Flowers had initially been arrested over the transit agency attack in September 2024, but released on bail. Both men were remanded into custody following the most recent arrest.
The NCA said following Flowers’ arrest in 2024 that its officers discovered additional potential evidence that the suspect had been involved in attacks against U.S. healthcare companies.
Alongside the TfL incident, Flowers faces two additional charges of conspiring with others to infiltrate and damage the networks of SSM Health Care Corporation and attempting to do the same to Sutter Health in the United States. He pleaded not guilty to these charges too.
Jubair faces an additional charge for refusing to provide investigators with passcodes to access devices seized from him. He also pleaded not guilty to this.
The U.S. Department of Justice also unsealed a complaint against Jubair in September, accusing him of computer crimes.
The specific charges against both men are among the most severe in English law for cyber offenses, specifically “conspiracy to commit an unauthorised act in relation to a computer causing / creating risk of serious damage to human welfare/national security,” the maximum sentence for which is life imprisonment.
At the time of their arrest, Paul Foster, the head of the NCA’s National Cyber Crime Unit, said: “Today’s charges are a key step in what has been a lengthy and complex investigation. This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure.”
It follows the NCA warning of an increasing threat from English-speaking cybercriminal groups, including the loose collective tracked as Scattered Spider, which has been associated with a range of attacks in both Britain and the United States.
“The NCA, UK policing and our international partners, including the FBI, are collectively committed to identifying offenders within these networks and ensuring they face justice,” said Foster.
Hannah Von Dadelszen, the CPS’ chief prosecutor for the Crown Prosecution Service, said: “Our prosecutors have worked to establish that there is sufficient evidence to bring the case to trial and that it is in the public interest to pursue criminal proceedings.”
The charges come as the NCA’s cybercrime unit is understood to be busier than ever in investigating a range of cases. These include the hack against TfL, the Legal Aid Agency, two incidents impacting the National Health Service, and attacks on three retailers — Marks & Spencer, the Co-op, and the London-based luxury store Harrods.
Contempt of court laws prohibit prejudicing a jury trial by suggesting suspects’ guilt or innocence, publishing details regarding their past convictions, or speculating about the character of the defendants.
Recorded Future
Intelligence Cloud.
Learn more.
