-
Federal agents arrested 19-year old Peter Stokes, who is a dual citizen of both US and Estonia, in Finland on April 10.
-
He allegedly used the alias “Bouquet” and mocked the FBI online.
-
Prosecutors say he caused millions in losses for companies like a luxury retailer.
US prosecutors have charged a teenage hacker over suspected involvement in a series of cyber attacks related to an international hacking collective.
Authorities arrested the suspect in Finland when he was boarding a flight to Japan. They are making preparations to bring him over to the US to face justice.
Details of the Case
Peter Stokes is a 19-year old, and he holds dual citizenship of both the US and Estonia. Based on prosecutors’accusations, Stokes is connected to a global hacking group called Scattered Spider. His arrest happened in Finland on April 10. He was in the process of boarding a plane to fly over to Tokyo.
Prior to his arrest, Stokes had been on FBI radar for months. They were just collecting enough evidence to finally put him away for good.
Back in December, they filed criminal charges, including wire fraud, conspiracy, and computer intrusion, against Stokes. Now, they’re planning to extradite him from Finland and bring him back to Chicago to face the music.
Stokes would be the second Scattered Spider member sent to the US. Last week, Tyler Robert Buchanan pleaded guilty. That 24-year-old British hacker stole at least $8 million in crypto.
Online, Stokes goes by the alias “Bouquet.” And he lived lavishly, Dubai trips, vacation in New York, trips to Thailand, all the while staying in five-star hotels. And always flaunting cash and costly jewelry. Based on the complaint filed against him, Stokes is the son of a big European businessman, but he has recently displayed wealth too much for someone his age.
He even mocked the FBI. Stokes posted memes of his group members as mafia bosses on social media. He wore a diamond necklace bearing the words “HACK THE PLANET.” One meme from The Sopranos placed his name over a fictional New York crime boss. Investigators found that one was very revealing.
Mocking Federal Investigators
Here is where it gets mad. Stokes treated the FBI like a joke. The complaint says he traded memes with friends. One image showed failed login attempts with a message: “F— off, FBI.”
The taunting only got worse. In a January 2025 exchange, Stokes sent a picture of an Estonian police station.
But law enforcement had the last laugh, as seen in a Homeland Security-aided sting that arrested two alleged child predators, federal agencies are persistent and resourceful, and no amount of online bravado can shield criminals from prosecution, whether they’re hacking corporations or exploiting children.
The caption read: “Feel like Raymond Reddington season 1 episode 1 rn.” That is a reference to The Blacklist, where a criminal turns himself in.
Details of the Alleged Hack Attacks
The charges against him are serious. Stokes took part in at least four Scattered Spider attacks. One happened when he was just 16. These hacks caused millions in losses.
His first alleged attack used a simple trick. In March 2023, he targeted an online platform called “Company H.” He requested a reset of an employee’s two-factor authentication. Encrypted chats show him working with an accomplice. They accessed sensitive data, including employee IDs.
A later attack in May 2025 targeted a luxury retailer. Stokes called the company’s IT help desk. He posed as an employee to reset credentials. The hackers then grabbed administrator accounts.
They claimed they got their hands on 100GB of data. The group demanded 8 million. However, the company refused to pay, but the attack still cost them over 2 million in recovery and disruption.
Who is Scattered Spider?
So who is this group? Scattered Spider targets large companies. They go after IT help desks. They steal data and use it for extortion. The FBI says they rely on social engineering, phishing, and SIM swapping. They do not use advanced malware.
The group is also known as Octo Tempest. It is full of teens and young adults. It emerged in 2022 in the US and UK. Since then, it has spread to Europe and Australia. Victims include MGM Resorts, Caesars Entertainment, and Riot Games.
Stokes is just the latest arrest. Tyler Buchanan, the senior member, pleaded guilty in California. Another member, Noah Michael Urban, got 10 years in prison. UK police also detained a 17-year-old for the MGM attack.
This group’s hacking spree includes Mailchimp, Twilio, DoorDash, and Reddit. Now, Stokes will likely face a Chicago courtroom. His flashy, jet-set ride appears to be over.
