News: 0184320244

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Windows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spree (tomshardware.com)

(Sunday July 05, 2026 @05:55PM (EditorDavid) from the crime-doesn't-pay dept.)


America's Justice Department and FBI teamed joined Finland's National Bureau of Investigation to arrest a teenager they say is part of one of the world's biggest cybercrime syndicates, [1]reports Tom's Hardware . The "Scattered Spider" syndicate has extorted over $100 million in ransom payments, according to Department of Justice figures:

> 19-year-old Peter Stokes is a dual U.S.-Estonian citizen who was trying to board a flight to Japan from Helsinki, when law enforcement caught up with him. [T]he main criminal complaint against Stokes stems from a May 2025 attack on a luxury jewelry dealer based in the United States. The attackers apparently called the company's IT helpdesk using Google Voice, posing as employees. They were able to convince the help desk into resetting their credentials, which allowed them to infiltrate three accounts, two of which had admin privileges. From there, the group, allegedly including Stokes, stole important data and held the jeweler at ransom, demanding an $8 million payment in crypto. The company ultimately regained access to their infrastructure and avoided paying the ransom, but the operational disruption still caused a purported $2 million in losses. This served as the spark that led to Stokes' eventual arrest in Helsinki, as the prosecutors slowly followed the paper and digital trail laid by the attackers.

>

> Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry. It's the reason why sometimes changing a major component in your PC can revoke your Windows license... [T]he court documents from the case reveal that Stokes used Windows, from which investigators were able to link his physical hardware to specific internet activity and locations... Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft...

>

> Stokes was carrying two hard drives full of incriminating evidence with him when boarding his flight to Japan... His real identity has actually been known since 2024, but since he was a minor living across Estonia and the UAE at the time, he could only be monitored until the time was right.

The [2]official criminal complaint even includes a selfie photo that Stokes posted on Snapchat (hiding his face behind dozens of hundred dollar bills). It then notes that behind Stokes the wallpaper, carpet, and furniture match New York's Empire Hotel — and that Stokes had visited the hotel's web site in Germany before then flying to New York...

"Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody," adds Tom's Hardware .

"The accused is now awaiting trial, having been charged with conspiracy, cyber intrusion, and fraud..."



[1] https://www.tomshardware.com/software/windows-11-identifier-used-to-track-scattered-spider-perp-after-microsoft-shared-info-with-fbi-19-year-old-us-estonian-hacker-arrested-over-alleged-ties-to-infamous-extortion-group

[2] https://www.justice.gov/usao-ndil/media/1450651/dl?inline



Re: (Score:2)

by sound+vision ( 884283 )

They only seem to receive you if you help them geopolitically, and even then, you'll probably spend years sleeping on benches at the Moscow airport before they let you in.

But this isn't Ed Snowden, this is a garden-variety scammer. So, zero chance anyone in Russia cares. Even if he waits in line all night.

Re: (Score:2)

by jfdavis668 ( 1414919 )

Not if he offers to share his loot.

Re: (Score:2)

by Rujiel ( 1632063 )

Is Russia in the room with us now? And was this all it takes for you to remicrowave this ancient dig at Snowden as being russia-aligned as if his passport was not cancelled by the US govt when he was in moscow?

Another win for Linux! (Score:1)

by Anonymous Coward

The moral of the story is use Linux to make money. His mistake was using Windows, highly traceable. This would have never happened if he'd used a proper OS for this business.

Re: (Score:1)

by Anonymous Coward

I'm using OS/2 you insensitive clod!

Re: (Score:2)

by Lobachevsky ( 465666 )

You need say "Warp". OS/2 Warp.

Re:Another win for Linux! (Score:4, Interesting)

by nuckfuts ( 690967 )

It's not a win for anybody. Would you actually be cheering if he was using Linux and had gotten away with his ransomware spree?

Re:Another win for Linux! (Score:5, Insightful)

by Charlotte ( 16886 )

If you're going to be a criminal, at least make an effort and try to be the best criminal you can be!

Re: (Score:2)

by drnb ( 2434720 )

> If you're going to be a criminal, at least make an effort and try to be the best criminal you can be!

Old police joke: "If criminals were not so dumb we would not catch so many of them."

Re: (Score:2)

by RitchCraft ( 6454710 )

A win would be these fucking companies spending the correct money for proper security. They skimp on their IT budgets so this happens, even after getting hacked!

Re: (Score:3)

by nuckfuts ( 690967 )

> A win would be these fucking companies spending the correct money for proper security. They skimp on their IT budgets so this happens, even after getting hacked!

This is such a simplistic take. We're living in the age of Anthropic's Mythos LLM, and others like it. Vulnerabilities ate being discovered at an unprecedented rate. Don't kid yourself that Linux will be immune.

Re: (Score:2)

by SpzToid ( 869795 )

>> A win would be these fucking companies spending the correct money for proper security. They skimp on their IT budgets so this happens, even after getting hacked!

> This is such a simplistic take. We're living in the age of Anthropic's Mythos LLM, and others like it. Vulnerabilities ate being discovered at an unprecedented rate. Don't kid yourself that Linux will be immune.

It's not a question about immunity. It's a question about privacy -- using linux is clearly more private than using Microsoft and it's the lack of privacy that did the kid in.

Re: (Score:2)

by Excelcia ( 906188 )

> Would you actually be cheering if he was using Linux and had gotten away with his ransomware spree?

> I would be cheering regardless of the end-use of the computer if the method used to apprehend the suspect was not frighteningly draconian. Yes.

>> It's not a win for anybody.

> Indeed, invasion of privacy is not a remedy for crime.

> These are the same arguments that legislators and law enforcement are using the world over to erode privacy. To institute "age verification" (which is really just tracking by another name

Re: (Score:2)

by Excelcia ( 906188 )

Bah,

Made a typo in the quoting but I'm sure you can figure it out.

Re: (Score:2)

by allo ( 1728082 )

The point here is, that your computer should work for you and only for you, no matter what you do. You probably don't want to use a machine, that you can't trust (and am machine, that doesn't trust you).

The trustworthy computer is a disadvantage from the utilitarian point of view, but with that argument you can also justify global surveillance, because it is a net benefit for society and only to the detriment of individuals.

on point (Score:2)

by luther349 ( 645380 )

windows encryption is even handed to the nsa. there is zero security using windows. but a machine id is in linux to. however you can make a script that changes that with every restart. but relly all that kinda stuff should be done in a live environment then all gone when you power the machine off. its not perfect but it would not make it easy.

Re: (Score:2)

by eneville ( 745111 )

Meh, it's probably used by trackers too.

Re: (Score:2)

by RitchCraft ( 6454710 )

Oh come on Bill, we all know that you used Linux when traveling around with Jeff.

Re: (Score:2)

by Tailhook ( 98486 )

And the case doesn't really rely on the GUID, so it doesn't matter.

Re:GUID =/= unique (Score:5, Informative)

by znrt ( 2424692 )

guid = "globally unique identifier", microsoft name for uuid, a standard (rfc4122) 128 bit identifier for all sorts of objects, keys, components, etc.

gdid = "global device identifier", a non-standard (windows) 128 bit identifier for devices generated from serial numbers on install.

in both cases the chance of collision is nearly zero, but not zero. guids however are generated on the fly, in the millions daily. fun times ahead?

Re: (Score:2)

by allo ( 1728082 )

Don't click here: [1]https://wasteaguid.info/ [wasteaguid.info]

[1] https://wasteaguid.info/

No, my name is Linus (Score:2)

by Provocateur ( 133110 )

I am visiting my parents

Dear Microsoft, FU (Score:2)

by RitchCraft ( 6454710 )

"Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry."

Yeah, fuck Microsoft and Windows if not for this reason alone.

"Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft..."

Isn't

Re: (Score:2)

by Vlad_the_Inhaler ( 32958 )

> Isn't that nice that the slop house knows everything about you.

It's not as though that was not known already.

I wonder when his birthday is - he is 19 now, but how old was he 14 months ago?

(Looking at the second link - the pdf - he was born on December 3 2006 so he was 18 in May 2025)

The moral of this story (Score:2)

by nehumanuscrede ( 624750 )

Is the fact that surveillance capabilities are being built into ( or already exist within ) much of the technology we use on a daily basis.

Even if you never plan on doing anything that would be considered criminal, if you utilize the tech, you should do so with the understanding

that everything you say and even places you go are likely being recorded and certainly can / will be used against you if the need ever arises.

While I no longer use a Windows OS as my daily driver and / or internet machine, who can sa

Re: (Score:2)

by allo ( 1728082 )

When booting with systemd you may send DNS requests to Google (hard coded default) before your VPN is connected. Sending your hostname to Google DNS on every boot takes only one unfortunate configuration option. You can only hope that logging all DNS requests would cost too much performance. But who knows ... Google has a lot of resources.

Hmmm (Score:2)

by liqu1d ( 4349325 )

The biggest takeaway I have from this is I didn't realise how intrusive telemetry is. Timestamps of programs being launched is pretty intrusive. Me no like.

In custody for now. (Score:4, Interesting)

by fahrbot-bot ( 874524 )

> Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody, ...

Until he complains he was treated unfairly, ponies up some $$$, and gets a pardon from Trump. Maybe get a discount if he tries to blame his treatment on Biden or Obama. Trump's okay with white collar crimes, especially if he gets a cut.

Disable all telemetry on install (Score:3)

by PhantomHarlock ( 189617 )

I just did a clean install of 11 (all should work with 11 as well), did the shift+F10 command prompt on setup to create a local account only and used O&OShutUp10, WinHance before I ever connected the machine to the internet and disabled all telemetry and involuntary communication with M$'s servers. Those two pieces of software are really handy.

Re: (Score:2)

by allo ( 1728082 )

Are you sure you got all of it? I won't rely on that.

Why does his age matter? (Score:2)

by couchslug ( 175151 )

Why was it somehow important to state his age?

A young adult criminal should surprise no one even in this era of grotesquely extended childish behavior.

Microsoft just got kicked out of all of European (Score:3, Informative)

by Cafe Alpha ( 891670 )

governments for complying with the Republicans demanding to spy on the Dutch government. The Republicans didn't like European internet privacy regulations that were being proposed and wanted to spy on lawmakers working on it.

The EU has banned Microsoft Office and replaced with free software called Euro Office.

They're trying to ban Google from sending data to the US and EU governments are banning the use of Google Search replacing it with a French search company.

The French Government has banned the use of Windows in their government.

Was it worth it becoming an arm of the US Fascist state, Microsoft? How much of your market are you losing?

Meanwhile Palentir is being kicked out of Europe too.

American companies that went Fascist FAFO

Use a VM, maybe even a VM in a VM (Score:2)

by SlydogSZ ( 675605 )

Don't use your own bare metal system. VM it. Same is true with phone, don't take your phone with you when you are going to crime. Never break more than 1 law at a time.

On the bright side ... (Score:2)

by PPH ( 736903 )

> a May 2025 attack on a luxury jewelry dealer based in the United States.

... Stokes did get a nice new set of bracelets.

FORD Tell me Arthur...
ARTHUR Yes?
FORD This boulder we're stuck under, how big would you
say it was? Roughly?
ARTHUR Oh, about the size of Coventry Cathedral.
FORD Do you think we could move it? (Arthur doesn't
reply) Just asking.

- Ford and Arthur in a tricky situation, Fit the Eighth.