The US Department of Justice on Thursday sealed off a sealed federal charge against British teenager Tarha Jubea. This accuses prosecutors of being involved in at least 120 cyberattacks, including the US court system, and denounces dozens of American companies of fear tor.
Juvea, 19, was arrested at his East London home on Tuesday, according to a statement from the National Crime Bureau. He appeared in court in London on Thursday morning with another teenager, Owen Flowers.
The National Crime Bureau said the hacks in the London Transit System's IT network were attributed to scattered spider hacking groups.
Both Jubair and Flower were taken into custody and appeared in court at a later date on each BBC News.
Scattered spiders are an English-speaking group of economically motivated cybercriminals, primarily teenagers and young adults, sometimes referred to as “progressive and enduring teenagers” due to their skilled and repeated cyber attacks. These hackers are known for their ability to hack into numerous companies by using relatively simple social engineering techniques.
These hackers are also known for their involvement with other hackers through an ambiguous cyber group called “com”.
Federal fees targeting US companies
As part of another federal claim filed in New Jersey, U.S. prosecutors said Jubaia also faced computer hacking, coercion and money laundering fees in connection with dozens of hacks in which corporate victims paid more than $100 million in ransom payments.
In its criminal charges, the FBI seized a server it believed was run by Jubair in July 2024, finding evidence that Jubair is said to be involved in hacking at least 120 companies, including 47 in the US.
According to prosecutors, Jubair used social engineering technology to break into the company's network, steal internal data, encrypted the victim's servers, paid the victim to hackers and unlocked the files.
One of the victim companies included a critical infrastructure company based in New Jersey. The FBI said it not only found evidence on one of the servers allegedly run by Jubair, which contains more than gigabytes of data stolen from critical infrastructure companies, but also viewed history that showed clear evidence of logging into the servers of critical infrastructure companies.
Another FBI violation pinned to Jubair also included access to the US court system.
In January 2025, Jubair and other hackers allegedly contacted the US court help desk to access three user accounts belonging to a federal magistrate judge to search for information related to “scattered spiders.”
The hacker also used one of the hacked accounts to submit an emergency disclosure request for customer information to an unnamed financial service provider. These are common tactics that these hackers trick companies into using to take over user information according to what they think is a legitimate legal requirement.
The FBI said Jubair's seized server was “used to do a search” related to a US court hack, and was used to send emergency requests to financial companies.
Bloomberg reported that spider-hackers scattered in August broke into the US court system and searched for information related to the hackers.
Jubair's servers allegedly contained a cryptocurrency wallet that stored around $36 million at the time of its seized, according to the FBI. However, the FBI is said to have transferred about $8.4 million from the wallet as Jubair manages the servers.
It is not immediately clear whether the Justice Department is seeking or seeking extradition of Juvea, and a DOJ spokesman did not immediately comment.