July 1 (Reuters) – A 19-year-old man accused of being a member of the criminal hacking group “Scattered Spider” was extradited to the United States from Finland to face federal conspiracy charges in Illinois, the Justice Department said on Wednesday.
Peter Stokes, a dual citizen of the United States and Estonia, faces conspiracy, computer intrusion and fraud charges, according to a criminal complaint unsealed Tuesday. Stokes was arrested by Finnish authorities in April after the issuance of an Interpol Red Notice and extradited to the United States last week, the department said. He made an initial appearance on Tuesday in federal court in Chicago and was ordered to remain in custody, it said.
The hacking group has been involved in more than 100 network intrusions, resulting in more than $100 million in ransom payments and millions more in damages to the victims, Assistant Attorney General A. Tysen Duva said in the Justice Department statement.
“Scattered Spider has repeatedly targeted U.S. companies, extorting employees, inflicting millions of dollars in losses, and disrupting essential operations,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division.
U.S. prosecutors announced criminal charges in 2024 against other alleged members of Scattered Spider, a loose-knit community of hackers suspected of breaking into dozens of U.S. companies to steal confidential information and cryptocurrency. The group has been blamed for unusually aggressive cybercrime sprees, targeting major multinational companies as well as individual cryptocurrency investors.
Scattered Spider drew notoriety in September 2023 when members broke into and locked up the networks of casino operators Caesars Entertainment and MGM Resorts International and demanded hefty ransoms. Caesars paid about $15 million to restore its network. U.S. prosecutors have alleged that Buchanan and the other defendants conducted phishing attacks by sending bogus but real-looking mass text messages to employees’ mobile phones warning that their accounts would be deactivated unless they clicked on a link that would surreptitiously grant system access to the hackers.
(Reporting by Daphne Psaledakis and Christian Martinez; Editing by Chizu Nomiyama )


Comments