US government charges British teenager accused of at least 120 ‘Scattered Spider’ hacks

The U.S. Department of Justice has announced federal charges against 19-year-old Thalha Jubair, a British national accused of orchestrating over 120 cyberattacks, including serious breaches of the U.S. Courts system and extorting numerous American companies. Jubair was apprehended at his home in East London on Tuesday, as confirmed by the National Crime Agency, and appeared in court the following day alongside fellow teen Owen Flowers, aged 18. Both individuals are linked to a significant cyberattack in 2024 targeting Transport for London, which manages the city's public transit. This incident reportedly resulted in a substantial data breach and necessitated an extensive recovery operation. The National Crime Agency attributes this breach to the Scattered Spider hacking group. Scattered Spider is known for its members, often referred to as “advanced persistent teenagers,” who utilize relatively simple social engineering tactics to infiltrate systems. These techniques can include impersonating employees to trick helpdesk staff into providing access. The group is also engaged in a broader cybercrime community known as “the Com,” which has been linked to threats and violent actions, including swatting incidents. In a separate case brought forth in New Jersey, federal prosecutors have revealed that Jubair faces additional charges, including computer hacking, extortion, and money laundering. These accusations stem from a series of hacks that reportedly resulted in over $115 million in ransom payments from corporate victims. The FBI's investigation, which included the seizure of Jubair's servers in July 2024, indicated that he was involved in numerous hacks affecting at least 120 companies, with 47 of those based in the U.S. Prosecutors allege that Jubair used social engineering to infiltrate corporate networks, steal sensitive data, encrypt servers, and subsequently extort companies for ransom to regain access to their files. Among the victims was a critical infrastructure firm located in New Jersey. Evidence from Jubair's seized server reportedly included over a gigabyte of data stolen from the critical infrastructure company, alongside browsing histories revealing unauthorized access to its servers. Another serious breach attributed to Jubair involved unauthorized access to the U.S. Courts system, where he and his associates allegedly contacted the helpdesk to obtain access to multiple user accounts, including one belonging to a federal magistrate judge. The hackers utilized their access to submit a fraudulent emergency information request to a financial services provider, a common tactic designed to deceive companies into disclosing user data under the guise of a legitimate legal demand. The FBI noted that Jubair's server was actively used for conducting searches related to the U.S. Courts incident and for sending the deceptive request. Reports from Bloomberg indicated that Scattered Spider hackers had infiltrated the U.S. Courts system to seek information about members of their group, including a previously convicted associate. Furthermore, Jubair's servers were found to contain a cryptocurrency wallet with approximately $36 million at the time of seizure, much of which was linked to ransom payments. The FBI reported that Jubair allegedly transferred about $8.4 million from this wallet just as they were taking control of the server. There is currently no information on whether the Department of Justice plans to pursue Jubair's extradition, as inquiries to DOJ representatives have gone unanswered.