Close Menu
    What's Hot

    the shoemaker’s son who sparked Britain’s first financial crisis

    Wolters Kluwer: The Business Of Truth That AI Cannot Replace (OTCMKTS:WOLTF)

    I Built a Self-Improving AI, and So Can You

    Facebook X (Twitter) Instagram
    Trending
    • the shoemaker’s son who sparked Britain’s first financial crisis
    • Wolters Kluwer: The Business Of Truth That AI Cannot Replace (OTCMKTS:WOLTF)
    • I Built a Self-Improving AI, and So Can You
    • New Ghost Phishing Wave Is Breaking Traditional Email Security
    • Nigel Farage’s Scandals Might Cost Him Power
    • Judge Orders $5 Million Trump Judgment Be Released to E. Jean Carroll
    • Renewed U.S.-Iran Strikes in Hormuz Threaten Energy Market Recovery
    • African Development Bank Brokers Zambia Debt-for-Energy Swap
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

    adminBy adminJuly 7, 2026No Comments5 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

    U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint.

    Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say belong to 19-year-old Peter Stokes.

    Stokes is charged with conspiracy, computer intrusion, and fraud. A dual U.S.-Estonian citizen known online as “Bouquet,” he was extradited from Finland and made his first court appearance in Chicago on June 30, as THN reported. He is presumed innocent pending trial.

    How the break-in worked

    Between May 12 and 15, 2025, attackers phoned the retailer’s IT help desk from Google Voice numbers, posed as locked-out employees, and got staff to reset employees’ passwords and the mobile devices tied to their multifactor authentication.

    Within a few hours, they controlled three accounts, two belonging to IT administrators. They installed ngrok and a second tunneling tool called Teleport, moved data to Amazon cloud storage, and pulled out at least 77 gigabytes.

    Cybersecurity

    They appear to have tried to deploy ransomware, but the retailer’s security team blocked it and evicted them from the network. The attackers still sent a ransom email, subject line “IMPORTANT: WE STOLE THE DATA, CONTACT UMMEDIATELY [sic],” and later asked for $8 million in cryptocurrency. The company did not pay. The breach still cost it about $2 million in disruption, investigation, and cleanup.

    The way in was the help desk, not a software flaw. The fix is a process, not patching: verify identity before any reset with a callback to a number already on file, manager sign-off, or video checks for privileged accounts. Phishing-resistant MFA like FIDO2 keys blunts the group’s other methods, but does nothing if a help desk will reset an account on a phone call.

    The ID that led investigators to Stokes

    Investigators worked back to Stokes from the device that opened the ngrok account. Microsoft told the FBI it carried Global Device Identifier g:6755467234350028, which Microsoft describes as a persistent identifier tied to a single Windows installation, one that survives operating-system updates but changes when Windows is reinstalled.

    Microsoft records show that the device visited the ngrok signup page at 19:21 UTC on May 12, 2025, the same minute the ngrok account was created, and reached the retailer’s website through the same proxy about three hours later.

    The device also kept surfacing on the same IP addresses, at the same times, as Snapchat, Apple, and Facebook accounts prosecutors attribute to Stokes: an address in his home city of Tallinn, Estonia, in June 2024, then New York in November and Thailand in February 2025, matched by State Department travel records.

    The complaint shows an operator who hid the attack, behind a VPN proxy, tunneling tools, and aliases, but not himself. Prosecutors say his Snapchat flaunted cash, watches, and diamond chains reading “HACK THE PLANET,” along with the very trips that placed him in those cities. He even posted photos of an Estonian police station and taunted that the feds had no idea what they had let get away.

    One arrest, and why it may not slow the threat

    Investigators can now tie a single operator to the machine that set up an attack. But one arrest barely touches the wider threat.

    In separate, recent research, Group-IB argues Scattered Spider is not really one group at all. It is a loose collective of small, independent cells, most no bigger than five people, tied together by shared tricks, tools, and chat rooms rather than a shared boss. Group-IB compares it to the Anonymous movement and says arresting some of these cells “will not stop the threat itself.”

    Cybersecurity

    Prosecutors describe Scattered Spider as one group behind more than 100 intrusions and over $100 million in ransoms. Group-IB says the label fits a scene better than a gang, and argues that loose structure is why the activity survives each arrest.

    Part of a longer run of cases

    Other recent Scattered Spider prosecutions follow the same shape: individuals arrested one at a time, the shared playbook intact. In April 2026, Scottish national Tyler Buchanan pleaded guilty in the U.S. to fraud and identity theft tied to the group.

    In 2025, Noah Urban, known as “Sosa,” was sentenced to 10 years over a SIM-swapping scheme linked to Scattered Spider. And in the U.K., two alleged members recently admitted to the Transport for London hack, which cost an estimated £29 million.

    When Finnish police stopped Stokes at Helsinki airport as he tried to board a flight to Japan, they seized two 2-terabyte hard drives. This whole case was built from that kind of material: device records, account links, and IP trails. In a network this diffuse, the drives could matter more than the conviction, if they hold the tools, infrastructure, or contacts that reach the next member.

    alleged court device FBI filing hacker helped reveals Scattered Spider Trace Windows
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleOne of the World’s Best Roller Coasters To Close Aug. 2 in…
    Next Article How novice coders can develop AI programs for military applications | MIT News
    admin
    • Website

    Related Posts

    New Ghost Phishing Wave Is Breaking Traditional Email Security

    July 8, 2026

    AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

    July 8, 2026

    As Erdogan Hosted NATO, His Jailed Challenger Was in Court

    July 8, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    the shoemaker’s son who sparked Britain’s first financial crisis

    Wolters Kluwer: The Business Of Truth That AI Cannot Replace (OTCMKTS:WOLTF)

    I Built a Self-Improving AI, and So Can You

    New Ghost Phishing Wave Is Breaking Traditional Email Security

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by