An alleged member of a hacking group was caught, thanks to one hated Windows feature

About

Published July 9, 2026 · Category: Games

Overview

Windows GDID (Global Device Identifier), its own telemetry service, has drawn ire from users for some time. Turns out the data it tracks can be used by law enforcement to incriminate alleged hackers, which is both a decent outcome and sort of worrisome if you think about it too much.

As noted by TechSpot, the US Department of Justice Office of Public Affairs recently announced the arrest of 19-year-old Peter Stokes. Linked to the hacking group Scattered Spider, who are reportedly responsible for 100 network intrusions and over $100 million in ransom payments, the thing that reportedly incriminated him was his Windows GDID.

Back in May last year, Scattered Spider reportedly called the IT helpdesk of a jewellery seller posing as employees and managed to talk them into handing over password reset details. This then gave the group access to three accounts, for which Scattered Spider asked for $8 million in ransom money. Though the jeweller didn't pay, it did reportedly cost the brand $2 million.

Despite using a VPN and a tunnelling service to mask his traffic, Stokes was reportedly caught due to his GDID, which logged information on the device. A court order seemingly forced Microsoft to hand over all the evidence linking Stokes to that machine, and this was used by the US government to justify its arrest.

This wasn't helped by the fact that Stokes seemingly showed off his wealth by posting photos of fancy hotels on Snapchat. The 39-page judgment details not only the GDID link but the Snapchat bragging.

Details

Stokes was seemingly stopped at the airport by law enforcement, and he was reportedly carrying two hard drives with evidence in them, linking him to the crime.

Though stopping potential hackers is in the interest of those who don't want to be hacked, the way law enforcement caught Stokes is only more likely to stoke fears around GDID. Proton, a privacy-focused mail, drive, and VPN service provider, discusses "Windows as spyware", and though in this case, "the system worked as intended", it argues "GDID raises important questions about user consent and who actually owns the hardware you pay for."

Proton makes note of the fact that users don't explicitly consent to GDID and its data tracking trappings. "In all of Microsoft’s extensive online documentation, GlobalDeviceId merits a single mention buried in a highly obscure technical document that no one is ever likely to read."

As you might be able to guess, Proton's advice is that if you want to do away with GDID, you should swap to Linux. And with the last few years Microsoft has had, it's easy to see why one might want to move away from its software.

Source

Originally published at www.pcgamer.com.

Related Articles