Microsoft
“A Microsoft device identifier (a Global Device ID, or GDID, described below) associated with STOKES is linked to the .168 address”
At some carefree recent point, a teenager called Peter Stokes bought a necklace bearing the diamond-encrusted message “HACK THE PLANET.”
It is not clear if Stokes was wearing his flashy jewellery when he was arrested in Finland in April, while attempting to board a flight to Japan.
But it was captured for posterity in a criminal complaint against him unsealed on July 1 that alleged Stokes – also known as Bouquet and Jordan – was a member of the “Scattered Spider” cybercrime group.
It is not Stokes’ gauche sartorial decisions that are interesting cybersecurity researchers – and likely cybercriminals too – however.
Nor is it the fact that this alleged cyber criminal isn’t Russian, or Iranian, or North Korean, but a joint US-Estonian national and the son of an “executive in two major European businesses” as the FBI puts it.
What is interesting to many hackers – friendly “white hats” as well as no doubt the Scattered Spider members still at large – is the teenager’s operational security, or “opsec” failures; crudely, how he got caught.
It’s also triggered some industry hand-wringing about Microsoft’s little-publicised and little-documented “Global Device Identifier” or (GDID); a data string tied by Microsoft to specific devices – that shows up like this g:1298371934870 in one rare public Microsoft example.
Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.
Already a member? Sign in