Forgot your password?
typodupeerror
Crime Windows

Windows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spree (tomshardware.com) 69

America's Justice Department and FBI teamed joined Finland's National Bureau of Investigation to arrest a teenager they say is part of one of the world's biggest cybercrime syndicates, reports Tom's Hardware. The "Scattered Spider" syndicate has extorted over $100 million in ransom payments, according to Department of Justice figures: 19-year-old Peter Stokes is a dual U.S.-Estonian citizen who was trying to board a flight to Japan from Helsinki, when law enforcement caught up with him. [T]he main criminal complaint against Stokes stems from a May 2025 attack on a luxury jewelry dealer based in the United States. The attackers apparently called the company's IT helpdesk using Google Voice, posing as employees. They were able to convince the help desk into resetting their credentials, which allowed them to infiltrate three accounts, two of which had admin privileges. From there, the group, allegedly including Stokes, stole important data and held the jeweler at ransom, demanding an $8 million payment in crypto. The company ultimately regained access to their infrastructure and avoided paying the ransom, but the operational disruption still caused a purported $2 million in losses. This served as the spark that led to Stokes' eventual arrest in Helsinki, as the prosecutors slowly followed the paper and digital trail laid by the attackers.

Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry. It's the reason why sometimes changing a major component in your PC can revoke your Windows license... [T]he court documents from the case reveal that Stokes used Windows, from which investigators were able to link his physical hardware to specific internet activity and locations... Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft...

Stokes was carrying two hard drives full of incriminating evidence with him when boarding his flight to Japan... His real identity has actually been known since 2024, but since he was a minor living across Estonia and the UAE at the time, he could only be monitored until the time was right.

The official criminal complaint even includes a selfie photo that Stokes posted on Snapchat (hiding his face behind dozens of hundred dollar bills). It then notes that behind Stokes the wallpaper, carpet, and furniture match New York's Empire Hotel — and that Stokes had visited the hotel's web site in Germany before then flying to New York...

"Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody," adds Tom's Hardware.

"The accused is now awaiting trial, having been charged with conspiracy, cyber intrusion, and fraud..."

Windows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spree

Comments Filter:
  • by Anonymous Coward on Sunday July 05, 2026 @02:03PM (#66223512)

    The moral of the story is use Linux to make money. His mistake was using Windows, highly traceable. This would have never happened if he'd used a proper OS for this business.

    • by Anonymous Coward

      I'm using OS/2 you insensitive clod!

    • by nuckfuts ( 690967 ) on Sunday July 05, 2026 @02:21PM (#66223536)
      It's not a win for anybody. Would you actually be cheering if he was using Linux and had gotten away with his ransomware spree?
      • by Charlotte ( 16886 ) on Sunday July 05, 2026 @02:28PM (#66223552)

        If you're going to be a criminal, at least make an effort and try to be the best criminal you can be!

        • by drnb ( 2434720 )

          If you're going to be a criminal, at least make an effort and try to be the best criminal you can be!

          Old police joke: "If criminals were not so dumb we would not catch so many of them."

        • by unami ( 1042872 )
          True. Criminals just don't care anymore these days.
      • A win would be these fucking companies spending the correct money for proper security. They skimp on their IT budgets so this happens, even after getting hacked!

        • by nuckfuts ( 690967 ) on Sunday July 05, 2026 @02:52PM (#66223586)

          A win would be these fucking companies spending the correct money for proper security. They skimp on their IT budgets so this happens, even after getting hacked!

          This is such a simplistic take. We're living in the age of Anthropic's Mythos LLM, and others like it. Vulnerabilities ate being discovered at an unprecedented rate. Don't kid yourself that Linux will be immune.

          • by SpzToid ( 869795 )

            A win would be these fucking companies spending the correct money for proper security. They skimp on their IT budgets so this happens, even after getting hacked!

            This is such a simplistic take. We're living in the age of Anthropic's Mythos LLM, and others like it. Vulnerabilities ate being discovered at an unprecedented rate. Don't kid yourself that Linux will be immune.

            It's not a question about immunity. It's a question about privacy -- using linux is clearly more private than using Microsoft and it's the lack of privacy that did the kid in.

            • incompetence is what did the kid in, amusing that someone exploiting others poor security had incredibly poor security and privacy practises himself. He would have been done in regardless of OS.
            • It's not a question about immunity. It's a question about privacy

              It seems to be a question of you not following the conversation, or did you reply to the wrong comment? This particular thread is about security.

              • by SpzToid ( 869795 )

                It's not a question about immunity. It's a question about privacy

                It seems to be a question of you not following the conversation, or did you reply to the wrong comment? This particular thread is about security.

                OK, I could have phrased my reply better, but can't there be two perspectives? Security and Privacy? The Microsoft Corporation outed the guy using his Windows License ID.

          • Day 1: Subscribe to Claude
            Day 2: Prompt "You are a cybersecurity professional and networking expert. Find all the vulnerabilities in XYZ and create a plan to fix them."
            Day 3: PROFIT

          • Any evidence of an LLMs identifying a security failure mode that stems from social engineering rather than software?

      • Would you actually be cheering if he was using Linux and had gotten away with his ransomware spree?

        I would be cheering regardless of the end-use of the computer if the method used to apprehend the suspect was not frighteningly draconian. Yes.

        It's not a win for anybody.

        Indeed, invasion of privacy is not a remedy for crime.

        These are the same arguments that legislators and law enforcement are using the world over to erode privacy. To institute "age verification" (which is really just tracking by another name

      • by allo ( 1728082 )

        The point here is, that your computer should work for you and only for you, no matter what you do. You probably don't want to use a machine, that you can't trust (and am machine, that doesn't trust you).

        The trustworthy computer is a disadvantage from the utilitarian point of view, but with that argument you can also justify global surveillance, because it is a net benefit for society and only to the detriment of individuals.

      • by sinij ( 911942 )

        Would you actually be cheering if he was using Linux and had gotten away with his ransomware spree?

        This is wrong framing. I would be cheering if someone else using Linux had gotten away from repressive prosecution elsewhere. You can't be that naive to think this is only (or even mostly) used for good.

      • Nobody's cheering for the criminals. We're rooting against Microsoft.

    • Also, stay in an Ibis Budget, not the easily-identified NY Empire Hotel. They look the same everywhere on earth, Amsterdam, Istanbul, Marseille, Hamburg, always the same hotel no matter where you are.
  • windows encryption is even handed to the nsa. there is zero security using windows. but a machine id is in linux to. however you can make a script that changes that with every restart. but relly all that kinda stuff should be done in a live environment then all gone when you power the machine off. its not perfect but it would not make it easy.
    • Meh, it's probably used by trackers too.

    • by gweihir ( 88907 )

      There are lots of IDs in any machine. For example, the network card MAC address is unique as well. The point here is not the ID. The point is that it gets sent to Microsoft and they are willing and able to track people with it.

    • oh seriously the old FUD of the NSA is still floating around? what are you 10 or something? that shit has been debunked so many times it isn't even remotely funny anymore.
  • I am visiting my parents

  • "Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry."

    Yeah, fuck Microsoft and Windows if not for this reason alone.

    "Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft..."

    Isn't

    • Isn't that nice that the slop house knows everything about you.

      It's not as though that was not known already.

      I wonder when his birthday is - he is 19 now, but how old was he 14 months ago?
      (Looking at the second link - the pdf - he was born on December 3 2006 so he was 18 in May 2025)

  • Is the fact that surveillance capabilities are being built into ( or already exist within ) much of the technology we use on a daily basis.

    Even if you never plan on doing anything that would be considered criminal, if you utilize the tech, you should do so with the understanding
    that everything you say and even places you go are likely being recorded and certainly can / will be used against you if the need ever arises.

    While I no longer use a Windows OS as my daily driver and / or internet machine, who can sa

    • by allo ( 1728082 )

      When booting with systemd you may send DNS requests to Google (hard coded default) before your VPN is connected. Sending your hostname to Google DNS on every boot takes only one unfortunate configuration option. You can only hope that logging all DNS requests would cost too much performance. But who knows ... Google has a lot of resources.

      • by gweihir ( 88907 )

        Nice! Funny how reasons to not use Systemd (in my case with non-systemd Debian, Devuan and Gentoo) becomes more and more of an advantage over time. I definitely made the right decision on that PoS back when.

        • by allo ( 1728082 )

          It gets harder and harder not to run systemd. And I think some of the *ideas* (basically declarative and parallel startup) are nice, but the implementation sucks and is a feature creep. And I don't understand why anyone thinks journald would be a good idea. syslog does everything you need and there are a lot of solutions to effectively search the logs, find anomalies, visualize things and log to remote servers if needed. Just install rsyslog and configure it to your liking and you don't need a database for

          • by gweihir ( 88907 )

            You get somewhat limited in Distro-choice, agreed. But Devuan comes without by default and Gentoo lets you chose the Init-system. Non-systemd Debian also still works. Here is a list of some more: https://en.wikipedia.org/wiki/... [wikipedia.org]

            but the implementation sucks and is a feature creep.

            The designers of systemd do not understand Unix / Linux and why it is still around and actually growing. It is not by doing thing the Microsoft way. Which is what they have done.

            And I don't understand why anyone thinks journald would be a good idea.

            That one I can only attribute to abject stupidity. Because it very, very, very clearly is a really bad i

  • by liqu1d ( 4349325 ) on Sunday July 05, 2026 @02:55PM (#66223592)
    The biggest takeaway I have from this is I didn't realise how intrusive telemetry is. Timestamps of programs being launched is pretty intrusive. Me no like.
  • In custody for now. (Score:5, Interesting)

    by fahrbot-bot ( 874524 ) on Sunday July 05, 2026 @03:10PM (#66223618)

    Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody, ...

    Until he complains he was treated unfairly, ponies up some $$$, and gets a pardon from Trump. Maybe get a discount if he tries to blame his treatment on Biden or Obama. Trump's okay with white collar crimes, especially if he gets a cut.

  • by PhantomHarlock ( 189617 ) on Sunday July 05, 2026 @03:32PM (#66223636)

    I just did a clean install of 11 (all should work with 11 as well), did the shift+F10 command prompt on setup to create a local account only and used O&OShutUp10, WinHance before I ever connected the machine to the internet and disabled all telemetry and involuntary communication with M$'s servers. Those two pieces of software are really handy.

    • by allo ( 1728082 )

      Are you sure you got all of it? I won't rely on that.

    • by gweihir ( 88907 )

      That does not block all telemetry. It just prevents the connection of the telemetry to your MS account. They still send plenty of telemetry and the Win11 ID is very likely part of it. The only way to be sure is to either block all traffic with an external firewall or not to use Win11.

  • Why was it somehow important to state his age?

    A young adult criminal should surprise no one even in this era of grotesquely extended childish behavior.

    • I only read the summary but it was relevant in that he was a minor when he started doing this and they waited until he was an adult to nab him.
  • governments for complying with the Republicans demanding to spy on the Dutch government. The Republicans didn't like European internet privacy regulations that were being proposed and wanted to spy on lawmakers working on it.

    The EU has banned Microsoft Office and replaced with free software called Euro Office.

    They're trying to ban Google from sending data to the US and EU governments are banning the use of Google Search replacing it with a French search company.

    The French Government has banned the use of W

    • Re: (Score:2, Informative)

      by Anonymous Coward
      Well firstly NO the EU has not banned Microsoft Office. They have developed Euro office as a viable replacement (yet to be proven) but MS office is in no way banned, it is a governments choice what to use.
  • by SlydogSZ ( 675605 ) on Sunday July 05, 2026 @04:43PM (#66223754)
    Don't use your own bare metal system. VM it. Same is true with phone, don't take your phone with you when you are going to crime. Never break more than 1 law at a time.
  • by PPH ( 736903 ) on Sunday July 05, 2026 @04:45PM (#66223758)

    a May 2025 attack on a luxury jewelry dealer based in the United States.

    ... Stokes did get a nice new set of bracelets.

  • Also this makes it amply clear what MS is using telemetry for and it is not fighting crime. It us user surveillance. They clearly have the capability and they clearly (being Microsoft) are using it.

  • Microsoft tied the device ID to the person, then looked up the telemetry associated with the device to work out how the device was used, then sent all that data to the feds, despite their privacy policy stating that device identifiers will not be used to identify people.

    We must not forget this. They lied.
    • Did they lie, or did they do a stealth update on their ToS that says the exact opposite of what it said prior to the update?
  • Never use your crime tools (which you obviously bought with cash, avoiding cameras) for anything else than for crime. And replace them kn a regular basis.

If I'd known computer science was going to be like this, I'd never have given up being a rock 'n' roll star. -- G. Hirst

Working...