Teen Hacker Allegedly Ransomed Major Corporations
- Federal prosecutors in Chicago unsealed charges against 19-year-old Peter Stokes, known as “Bouquet,” accusing him of joining Scattered Spider cyberextortion attacks.
- Investigators say Stokes helped breach at least four companies; one 2025 luxury retailer attack ended with an $8 million demand and $2 million-plus fallout.
- The case matters because Scattered Spider keeps winning through help-desk tricks, not exotic malware, and U.S. authorities are widening their crackdown.

A teenager with the handle “Bouquet” is now at the center of a very grown-up cybercrime case. Federal prosecutors in Chicago say 19-year-old Peter Stokes, a dual U.S.-Estonian citizen, helped carry out intrusions tied to Scattered Spider, the loose hacking crew blamed for some of the most disruptive corporate extortion attacks in recent years. He was arrested in Finland on April 10 while allegedly trying to board a flight to Japan, and the U.S. is seeking to bring him to Chicago on wire fraud, conspiracy, and computer intrusion charges. (bleepingcomputer.com)

### Who is “Bouquet”?

Prosecutors say “Bouquet” was Stokes’ online alias and that he was involved in Scattered Spider operations while still a minor. The complaint was filed under seal in December and later unsealed, which is why the case is surfacing now. The picture prosecutors are drawing is not of a lone basement hacker, but of a young participant in a broader criminal network that allegedly moved across countries and corporate targets with surprising speed. (bleepingcomputer.com)

### What is Scattered Spider, exactly?

Basically, it’s a financially motivated hacking collective made up largely of young people in the U.S. and Britain. Security agencies and researchers track it under several names, but the pattern is consistent — social engineering first, extortion second. The group has been linked to attacks on Caesars, MGM Resorts, Twil(bleepingcomputer.com)tion. (bleepingcomputer.com)

### What do prosecutors say he actually did?

The complaint says Stokes took part in at least four breaches. One alleged incident dates to March 2023, when he was 16. Another, in May 2025, targeted an unnamed multibillion-dollar luxury retailer. In that case, the attackers allegedly called the company’s IT help desk, posed as employees, reset authentication credentials, got into administrator accounts, stole data, and then demanded ransom. (bleepingcomputer.com)

### Why does the help-desk angle matter so much?

Because this is the part that keeps catching companies flat-footed. Scattered Spider is notorious for bypassing security not by smashing through hardened systems, but by persuading a human being to open the door. Federal agencies have warned that the group repeatedly uses phishing, push bombing, SIM swaps, and (bleepingcomputer.com)tion, not software patching. (cisa.gov)

### How much damage are we talking about?

A lot, even when the victim refuses to pay. In the luxury retailer case, prosecutors say the attackers claimed to hold 100 gigabytes of stolen data and eventually demanded $8 million. The company did not pay, but still suffered more than $2 million in disruption and remediation costs. That’s the ugly math of ransomware-era extortion — the ransom is only one line item. (bleepingcomputer.com)

### Is this part of a bigger crackdown?

Yes. Just last week, Tyler Robert Buchanan, a 24-year-old British man described by investigators as a key Scattered Spider figure, pleaded guilty in the U.S. to conspiracy to commit wire fraud and aggravated identity theft. So Stokes’ case does not look like a one-off. It looks like another step in a broader effort to identify, arrest, extradite, and flip people tied to the same ecosystem. (justice.gov)

### What should companies take from this?

The uncomfortable lesson is that expensive security tools do not help much if a help desk can be socially engineered into resetting the wrong account. Scattered Spider keeps exploiting exactly that gap. So the practical defenses are boring but crucial — stricter identity checks for password and MFA resets, tighter admin controls, and more skepticism around urgent phone-based requests. (cisa.gov)

### Bottom line

This case is not just about one teenager with an online alias. It shows how a loose, young, internet-native crew can hit major corporations for millions by manipulating people more than machines — and why law enforcement is now chasing that model as aggressively as the malware itself. (bleepingcomputer.com)