At some carefree recent point, a teenager called Peter Stokes bought a necklace bearing the diamond-encrusted message “HACK THE PLANET.”

It is not clear if Stokes was wearing his flashy jewellery when he was arrested in Finland in April, while attempting to board a flight to Japan.

But it was captured for posterity in a criminal complaint against him unsealed on July 1 that alleged Stokes – also known as Bouquet and Jordan – was a member of the “Scattered Spider” cybercrime group.

The son of a rich executive

It is not Stokes’ gauche sartorial decisions that are interesting cybersecurity researchers – and likely cybercriminals too –  however. 

Nor is it the fact that this alleged cyber criminal isn’t Russian, or Iranian, or North Korean, but a joint US-Estonian national and the son of an “executive in two major European businesses” as the FBI puts it.

What is interesting to many hackers – friendly “white hats” as well as no doubt the Scattered Spider members still at large – is the teenager’s operational security, or “opsec” failures; crudely, how he got caught. 

It’s also triggered some industry hand-wringing about Microsoft’s little-publicised and little-documented “Global Device Identifier” or (GDID); a data string tied by Microsoft to specific devices – that shows up like this g:1298371934870 in one rare public Microsoft example.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in