Peter Stokes (alleged Scattered Spider member) was arrested in Finland while trying to board a flight to Japan.
But honestly, that’s not the most interesting part.
The criminal complaint is worth reading:
https://www.justice.gov/usao-ndil/media/1450651/dl?inline
What really surprised me is how investigators allegedly tied everything together using Microsoft’s telemetry.
The complaint says they used a Microsoft Global Device ID (GDID) and correlated it with IP addresses, account logins, and even browsing activity (ngrok signup, hotel website, Growtopia login, etc.) to link the same Windows installation to the suspect.
I knew Windows collected telemetry, but I didn’t expect this level of visibility.