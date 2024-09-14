The British authorities have announced A 17-year-old boy was arrested on Thursday in connection with a cyber attack on Transport for London (TfL).

How the 17-Year-Old Hacker Boy Was Arrested

“The 17-year-old boy was arrested on suspicion of breaching the Computer Misuse Act in relation to the attack, which was launched on TfL on September 1“, has declared the UK’s National Crime Agency (NCA).

The youth, originally from Walsall, was due to be arrested on 5 September 2024, following an investigation launched after the accident.

The police agency said the 17-year-old boy, whose name was not released, he was questioned and later released on bail.

“Attacks on public infrastructure like this can be extremely disruptive and have serious consequences for local communities and national systems.“, said Paul Foster, Deputy Director and Head of the NCA’s National Cyber ​​Crime Unit, adding: “TfL’s rapid response following the incident enabled us to act quickly, and we are grateful for their continued cooperation with our ongoing investigation.“

TfL later confirmed that the security breach led to unauthorised access to bank account numbers and sort codes. approximately 5,000 customers and will directly contact those who have been affected.

“While the impact to our customers has been minimal so far, the situation is evolving and our investigations have revealed that some customer data has been compromised.“, has declared TfL.

Attack pattern implemented by the seventeen year old

London’s public transport agency will require as well as around 30,000 members of its staff to complete a cyber identity check by attending an appointment at a specified TfL location to reset their password and be verified in person for access to TfL applications and data.

“This includes some customer names and contact details, including email addresses and home addresses where provided..”

It is worth noting that West Midlands Police had previously arrested a 17-year-old boy, also from Walsall, in July 2024 in connection with a ransomware attack on MGM Resorts. The incident was attributed to the notorious Scattered Spider group.

Not just the UK

It is currently unclear whether these two incidents refer to the same person; last June, another 22-year-old British citizen was arrested in Spain for his alleged involvement in several ransomware attacks conducted by Scattered Spider.

The dangerous cybercrime group, to which the 17-year-old boy was linked, is part of a larger collective called The Com, a heterogeneous ecosystem of various groups that have engaged in cybercrime, illegal occupations, and physical violence; It is also known by the names 0ktapus, Octo Tempest, and UNC3944.

Scattered Spider ransomware operations have increasingly focused on cloud infrastructure within the insurance and financial sectors, echoing a new report from EclecticIQ a similar analysis of Resilience Threat Intelligence in May 2024.

The group has a well-documented history of persistently gaining access to cloud environments through sophisticated social engineering tactics, including purchasing stolen credentials, performing SIM swaps, and using cloud-native tools.

“Scattered Spider frequently uses phone call-based social engineering techniques, such as voice phishing (vishing) and text message phishing (smishing), to deceive and manipulate targets, primarily targeting IT services and identity administrators“, has declared security researcher Arda Büyükkaya, concluding: “The cybercriminal group leverages legitimate cloud tools such as Azure Special Administration Console and Data Factory to remotely execute commands, transfer data, and maintain persistence, while avoiding detection..”