The U.S. Justice Department on Thursday unsealed federal charges against 19-year-old Thalha Jubair, accusing the East London teenager of orchestrating more than 120 cyberattacks, including breaches of the U.S. Courts system, and extorting American companies out of millions.
Jubair was arrested at his home this week by the U.K.’s National Crime Agency and appeared in a London court alongside 18-year-old Owen Flowers, who faces related charges. The pair is also accused of a 2024 hack on Transport for London, which crippled the city’s transit IT systems for months. Authorities say the attack was linked to Scattered Spider, a notorious hacking crew made up mostly of teenagers who have earned the nickname “advanced persistent teenagers” for their repeated and surprisingly effective intrusions.
Related: Insight Partners Confirms Data Breach Notifications After January Hack
Scattered Spider is part of a larger underground community known as “the Com,” where online threats sometimes spill into real-world harassment and violence, including swatting. Their hacks are not sophisticated zero-day exploits; they often start with low-tech social engineering, like calling a company’s help desk and pretending to be a locked-out employee. From there, the hackers steal internal data, lock down servers, and demand ransom.
U.S. prosecutors in New Jersey say Jubair faces charges of computer hacking, extortion, and money laundering tied to attacks that netted over $115 million in ransom payments. The FBI claims it seized servers linked to Jubair that stored evidence of his role in dozens of hacks, including access to sensitive accounts at the U.S. Courts system, even one belonging to a federal magistrate judge.
Investigators also say they uncovered a crypto wallet worth $36 million, much of it traced back to ransom victims. As the FBI moved in, Jubair allegedly shifted about $8.4 million out of the wallet in real time.
It is unclear if the U.S. will push for Jubair’s extradition. For now, he remains in U.K. custody. But the case underscores a growing truth: cybercrime is no longer the domain of shadowy professionals in distant corners of the web. Increasingly, it has been driven by teenagers with Discord accounts, audacity, and a knack for exploiting human trust. How do governments and companies defend against attackers who don’t need advanced tools, just the right phone number and a convincing script?
