19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finl 2026-7-1 19:28:7 Author: thehackernews.com(查看原文) 阅读量:4 收藏

A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1.

Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody.

Finnish police arrested him in April on an Interpol Red Notice, an international arrest request, before his extradition in late June. His case is the latest in a run of arrests targeting a crew tied to breaches at casinos, retailers, and airlines.

Court records identify Stokes by the online handle "Bouquet" and describe at least four intrusions, the first when he was 16. In one case, in May 2025, prosecutors say he and others broke into a luxury jewelry retailer, copied its data, and demanded about $8 million in cryptocurrency.

The retailer refused to pay, evicted the intruders, and spent at least $2 million cleaning up. According to those records, Finnish officers seized two 2-terabyte hard drives when they stopped Stokes at Helsinki airport as he tried to board a flight to Japan.

Who is Scattered Spider

Scattered Spider is not a traditional gang. It is a loose, mostly English-speaking group of young people, many of them teenagers, spread across the U.S., U.K., and Europe.

Security companies also track it under the names Octo Tempest, UNC3944, and 0ktapus. Its main trick is simple and hard to stop. Instead of breaking software, it fools people.

Members phone a company's IT help desk, pretend to be a worker who is locked out, and talk the staff into resetting a password or approving a login. Once inside, they steal files and threaten to leak them unless they are paid.

The group is best known for the 2023 attacks on MGM Resorts and Caesars Entertainment, which shut down MGM's casino and hotel systems. Through 2025, it was linked to attacks on U.K. retailers including Marks & Spencer, Harrods, and Co-op, then U.S. insurers and, later, airlines, a pattern security researchers describe as moving through one sector at a time.

Assistant Attorney General A. Tysen Duva said the group has been involved in "over 100 network intrusions, resulting in more than $100 million in ransom payments."

Part of a wider crackdown

Stokes is part of a broader shift in the Scattered Spider story: police are putting names, countries, and court dates to a crew that long operated as handles in chat rooms. Recent cases include:

  • Tyler Buchanan, a 24-year-old from Scotland, who was once described as a ringleader, pleaded guilty in a U.S. court in April 2026 to fraud and identity theft. He admitted stealing at least $8 million in cryptocurrency through phishing campaigns that hit companies including Twilio and LastPass, and faces a statutory maximum of 22 years in prison.
  • Noah Urban, a member from Florida, was sentenced in August 2025 to 10 years and ordered to repay about $13 million.
  • Thalha Jubair and Owen Flowers, two young men in the U.K., pleaded guilty in June 2026 to a 2024 attack on Transport for London, the capital's transit agency. Flowers also admitted conspiring to hack two U.S. health systems, SSM Health and Sutter Health.

How companies can defend

The playbook has outlived the arrests. Mandiant reported a lull in attacks tied to the group after the 2025 arrests, then warned that other crews are already copying it.

The weak point is the help desk, not the firewall, so the fixes that hold are stricter identity checks before a reset and sign-in keys that phishing cannot steal.

A joint U.S. and international advisory adds that once inside, the intruders often lurk in a company's chat tools and join the calls it holds to respond to the breach, watching who is hunting them.

For investigators, the drives seized in Helsinki may matter as much as the charges: devices taken from one member often lead to others. Stokes is presumed innocent, and his case must still go to trial, but the past year has made one thing plain: being young, scattered across borders, and good at talking past a help desk is no longer keeping this crew out of court.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html
如有侵权请联系:admin#unsafe.sh