THE BIG PICTURE: People have grumbled about Windows telemetry for years, to the point that an entire cottage industry of tools that clean up the OS now exists just to strip the tracking bits out. While there are privacy concerns with the feature, in this particular case, it led to federal agents dropping a hacker into a Chicago courtroom.

That hacker is Peter Stokes, a 19-year-old who holds both American and Estonian citizenship. Finnish police grabbed him on April 10 as he tried to board a flight to Japan out of Helsinki. He was recently extradited to the United States, where six counts covering conspiracy, computer intrusion, and fraud were waiting for him.

Those counts come out of his alleged time with Scattered Spider, a crew the authorities connect to a string of network breaches now past the 100 mark. The group has been so active that its members once floated the idea of retiring from ransomware, though researchers doubted it was anything more than a feint. The Justice Department puts the group's ransom total somewhere north of $100 million.

The main accusation traces back to a May 2025 hit on a luxury jewelry seller. In that case, the crew allegedly called the company's IT helpdesk over Google Voice while posing as employees, then talked support into resetting login details. That handed them three accounts, two of which carried admin privileges. From there, it was simple enough to swipe data and demand $8 million in crypto. The seller never paid, though the cleanup and downtime still cost it roughly $2 million.