A British individual labeled by US attorneys as a key player in Scattered Spider, the hacking collective associated with the 2023 cyberattacks on MGM Resorts and Caesars Entertainment, has been sentenced to prison by a UK court.

On Thursday (July 16), 20-year-old British national Thalha Jubair and his co-defendant, Owen Flowers, received sentences of five years and six months for the 2024 cyberattack on Transport for London (TfL), the entity responsible for the city’s public transportation systems.
This attack caused significant disruptions to TfL’s online services for several months and compromised the personal information of millions of customers.
Jubair is also sought by US prosecutors in New Jersey on allegations including computer fraud, wire fraud, and money laundering related to hacks involving 47 US organizations, including MGM and Caesars.
While US authorities have not publicly disclosed an extradition request, prosecutors may seek to transfer him while he serves his sentence in Britain or closer to his eventual release.
Impact of the MGM Cyber Incident
The cyber assault on MGM that commenced on September 10, 2023, disrupted operations for several days, resulting in an estimated financial loss of $100 million, as the casino operator declined to meet the ransom demands.
Scattered Spider executed a comparable cyberattack on Caesars a month earlier, but it wasn’t made public until later. In this incident, the operator reportedly agreed to pay approximately $15 million from an initial $30 million ransom demand after customer data was breached, according to unnamed sources cited by The Wall Street Journal at that time.
The moniker “Scattered Spider” was coined by the cybersecurity community, not by the hackers themselves. The individuals behind the attacks on MGM and Caesars referred to their group as “Star Fraud” and were part of a larger, loosely organized team of hackers known as “the Com.”
US prosecutors claim that during his teenage years, Jubair managed servers utilized by the group, received parts of ransom payments through cryptocurrency wallets he controlled, and laundered millions of dollars in illicit proceeds.
He is alleged to have negotiated ransomware payouts directly with victims, including a $25 million cryptocurrency transaction from an unidentified company. Prosecutors assert that more than $115 million in ransom payments are associated with him and his affiliates.
They also claim that Jubair continued his cybercriminal activities even post-arrest, including breaching the online accounts of a US federal magistrate judge overseeing matters against alleged co-conspirator Noah Urban, seemingly to gather intelligence on the case.
Unassuming Presence in Court
In a London court setting, Jubair portrayed a demeanor that starkly contrasted with the portrayal of him as an international cybercriminal in US legal documents, according to local media reports.
Described as slight, bespectacled, and softly spoken, the 20-year-old was characterized as a loner with limited social connections who resided with his parents in a 22-story public housing tower located in one of East London’s less affluent neighborhoods, despite the allegations suggesting he had access to tens of millions of dollars in stolen and extorted cryptocurrency.

