[ad_1]
The high-tech cyber hacker who goes by the online moniker “Bouquet” jetted around the world, from Dubai to Thailand to New York, staying in five-star hotels and flashing cash and jewels, federal authorities allege.
As his internet attacks grew bolder and more sophisticated, he taunted the FBI for being a step behind, authorities allege, posted memes depicting his crew as mafia bosses and photos of himself wearing a diamond-studded necklace that spelled out in giant letters “HACK THE PLANET.”
Now, the feds say, “Bouquet” has been busted. His real name is Peter Stokes, a dual citizen of the U.S. and Estonia who was arrested earlier this month in Finland attempting to board a flight to Japan, according to court records obtained by the Tribune.
Perhaps most surprising? He’s only 19.
Federal charges filed under seal in Chicago allege Stokes is a prolific member of a loosely connected, international group of sophisticated hackers known as Scattered Spider, and that he helped infiltrate the sensitive computer systems of large corporations in the Chicago area and elsewhere and collect millions of dollars in ransom.
At the time he was approached at the airport in Helsinki on April 10, Stokes “was in possession of, among other electronics, two two-terabyte hard drives,” alleged a criminal complaint that the Tribune obtained when it was briefly made public last week.
Authorities are seeking to have Stokes extradited to Chicago to face charges, according to the complaint, which has since been resealed. The U.S. attorney’s office declined to comment Wednesday.
The court docket does not list a lawyer for Stokes.
According to the charges, Scattered Spider is a transnational cybercriminal group that targets large companies and their contracted information technology help desks, then steals and encrypts sensitive information and holds it for ransom.
The hacker group, which also goes by the name Octo Tempest, is made up largely of teens and young adults. It began in 2022 in the U.S. and Great Britain, though it is now believed to have spread to other European countries as well as Australia. Among their more high-profile targets: large retailers, major airlines including Qantas and WestJet, and gaming corporations such as MGM Resorts, according to news reports.
Last July, the FBI along with other cybersecurity agencies issued a joint alert about Scattered Spider, saying the group had increased in sophistication as well as the size and prestige of its targets, which included “commercial facilities sectors, subsectors, and other sectors.”
A number of Scattered Spider members have been arrested in the past several years. Among them was Tyler Robert Buchanan, a 24-year-old British national described as a “senior member” of the group, who pleaded guilty last week in federal court in California to using text message phishing attacks to hack U.S. companies and steal at least $8 million in virtual currency from individual victims.
Stokes, meanwhile, was charged in a six-count complaint filed under seal in December with wire fraud, conspiracy and computer intrusion. The charges alleged Stokes personally participated in at least four Scattered Spider hacks, including one when he was just 16 years old, that have cost victim companies millions of dollars.
According to the complaint, Stokes, the son of a prominent European businessman, “in recent years has exhibited substantial wealth for a person his age,” posting images on Facebook and Snapchat of his travels in Europe as well as to Mexico, Thailand and Dubai.
Despite only being a teenager, Stokes “stayed in multiple luxury hotels” during his travels and has acquired “numerous watches and substantial cash,” the complaint noted. Included in the charges was one photo from Stokes’ social media accounts showing him standing in a room at the Empire Hotel, a four-star hotel in midtown Manhattan, holding up dozens of fanned out $100 bills.
Stokes also posted an image from the hit HBO mob show “The Sopranos,” with the monikers of other Scattered Spider members written in over various characters, according to the complaint. In the image, which was included in the charges, Stokes’ first name, “Peter,” is written in over Carmine Lupertazzi Sr., the boss of a fictional New York crime family.
The first Scattered Spider hack specifically attributed to Stokes in the complaint occurred in March 2023, a few months after his 16th birthday. The victim, an online-communication platform identified only as “Company H,” was targeted through a seemingly routine request to reset an employee’s two-factor authentication, the complaint alleged.
As part of the investigation, authorities uncovered encrypted chats Stokes allegedly had with an accomplice as they gained access to Company H’s sensitive data, including the personal identification information for employees. The conversations are peppered with teenage lingo like “bro” and “lmfao.”
“u have 30 mins before i kick u off btw,” Stokes told the co-conspirator, a juvenile living in the U.S., according to the complaint. “i gtg to school.”
More recently, Stokes was responsible for the May 2025 hack of “Company F,” a multibillion-dollar “luxury item retailer,” according to the complaint. That intrusion began with phishing calls to the company’s technology help desk by hackers who pretended to be employees requesting a reset of their authentication credentials.
Within hours, Stokes and his accomplices had gained access to “high-privilege” accounts held by two of the company’s IT administrators, which were used to hack into a main server in New Jersey and access reams of sensitive data, the complaint alleged.
On May 15, 2025, the hackers sent a ransom note to several Company F personnel with the subject “IMPORTANT: WE STOLE THE DATA, CONTACT UMMEDIATELY (sic),” the complaint alleged.
“In the email, the threat actors claimed they had stolen 100 gigabytes of data, including … credit card and related payment information, and threatened to publish the data unless Company F contacted them at a specified email address for negotiations,” the complaint stated.
After several weeks of communication, which included the hackers sharing some of the stolen data with the company, the suspects sent another message saying, “We are wanting to push things forward, after some consideration $8 million seems like a good price. Let us know what you think.”
Company F did not pay the ransom, and no further attempts were made to communicate with the hackers, the complaint alleged.
Still, the ordeal cost the company more than $2 million in business disruption, investigation and mitigation, according to the complaint.
The complaint also alleged Stokes and other Scattered Spider members traded memes and jokes about law enforcement being on their tail. One image sent to Stokes by a co-conspirator in 2024 depicted a computer screenshot of a series of failed log-in attempts and the phrase “F— off, FBI.”
In another exchange from January 2025, Stokes sent images of a police station in Estonia to a co-conspirator along with the caption, “Feel like raymond reddington season 1 episode 1 rn,” a reference to the character from the show “The Blacklist,” played by James Spader, turning himself into the FBI with an offer to help catch high-profile criminals.
Stokes later sent an image over Snapchat with the caption “Feds dont know what they just fumbled…,” the complaint stated.
jmeisner@chicagotribune.com
[ad_2]
Click Here For The Original Source.
