First reported by bsky
19-year-old alleged Scattered Spider hacker extradited to US on cybercrime charges
Windows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spree
By
EditorDavid
Source
SlashdotWindows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spreeslashdot.orgAmerica's Justice Department and FBI teamed joined Finland's National Bureau of Investigation to arrest a teenager they say is part of one of the world's biggest cybercrime syndicates, reports Tom's Hardware. The "Scattered Spider" syndicate has extorted over $100 million in ransom payments, according to Department of Justice figures: 19-year-old Peter Stokes is a dual U.S.-Estonian citizen who was trying to board a flight to Japan from Helsinki, when law enforcement caught up with him. [T]he main criminal complaint against Stokes stems from a May 2025 attack on a luxury jewelry dealer based in the United States. The attackers apparently called the company's IT helpdesk using Google Voice, posing as employees. They were able to convince the help desk into resetting their credentials, which allowed them to infiltrate three accounts, two of which had admin privileges. From there, the group, allegedly including Stokes, stole important data and held the jeweler at ransom, demanding an $8 million payment in crypto. The company ultimately regained access to their infrastructure and avoided paying the ransom, but the operational disruption still caused a purported $2 million in losses. This served as the spark that led to Stokes' eventual arrest in Helsinki, as the prosecutors slowly followed the paper and digital trail laid by the attackers. Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry. It's the reason why sometimes changing a major component in your PC can revoke your Windows license... [T]he court documents from the case reveal that Stokes used Windows, from which investigators were able to link his physical hardware to specific internet activity and locations... Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft... Stokes was carrying two hard drives full of incriminating evidence with him when boarding his flight to Japan... His real identity has actually been known since 2024, but since he was a minor living across Estonia and the UAE at the time, he could only be monitored until the time was right. The official criminal complaint even includes a selfie photo that Stokes posted on Snapchat (hiding his face behind dozens of hundred dollar bills). It then notes that behind Stokes the wallpaper, carpet, and furniture match New York's Empire Hotel — and that Stokes had visited the hotel's web site in Germany before then flying to New York... "Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody," adds Tom's Hardware. "The accused is now awaiting trial, having been charged with conspiracy, cyber intrusion, and fraud..." Read more of this story at Slashdot.
You might also wanna read

Windows 11 identifier used to track Scattered Spider perp after Microsoft shared info with FBI — 19-year-old US-Estonian hacker arrested over alleged ties to infamous extortion group
Tom's Hardware·8h ago

Windows 11 identifier used to track Scattered Spider perp after Microsoft shared info with FBI — 19-year-old US-Estonian hacker arrested over alleged ties to infamous extortion group
tomshardware.com·8h ago

Teen ‘Scattered Spider’ suspect extradited to US over $8M crypto ransom
Cointelegraph·2d ago
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
thehackernews.com·4d ago
19-year-old alleged Scattered Spider hacker extradited to US on cybercrime charges
A 19-year-old alleged member of the Scattered Spider cyber extortion crew, Peter Stokes (dual US-Estonian citizen), has been extradited to t

International Police Coalition Dismantles AudiA6 Crypto Laundering Service, Arrests Two Operators in Georgia
International law enforcement, including the US Department of Justice, Europol, and Eurojust, dismantled the "AudiA6" cryptocurrency launder
blazetrends.com·24d agoMicrosoft uncovers cryptojacking campaign using SEO poisoning and AI chatbots to target high-GPU users via fake utility downloads
Microsoft Defender Experts identified an active cryptojacking campaign that uses SEO poisoning and AI chatbot manipulation to distribute mal
microsoft.com·1mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.