Itnews.Au
Microsoft Device ID Used to Track Scattered Spider Hacker
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Peter Stokes, a 19-year-old hacker, was arrested in Finland on April 10, 2026, for allegedly being part of the Scattered Spider hacking group. The FBI linked him to a US$8 million ransom demand against a luxury retailer using a Microsoft Global Device ID (GDID). Despite using a VPN, Stokes' GDID was identified through Microsoft telemetry and ngrok access records. The FBI's investigation revealed that Stokes' GDID was associated with multiple IP addresses across different countries, corroborated by Snapchat and Apple account access logs. Stokes faces six charges, including conspiracy and extortion, as part of a broader crackdown on the Scattered Spider group, which has been linked to over 100 attacks and more than US$100 million in extortion. The case raises concerns about user privacy and the potential for abuse of device tracking technologies.
Key Points: • Peter Stokes was arrested for his involvement with the Scattered Spider hacking group. • Microsoft's Global Device ID was crucial in linking Stokes to his alleged crimes. • The case highlights concerns over user privacy and potential surveillance via device identifiers.