
A teenager accused of being part of the criminal hacking collective known as “Scattered Spider” has been extradited to the United States from Finland to face federal conspiracy charges in Illinois, the Justice Department announced Wednesday.
Peter Stokes, 19, holds dual citizenship in the United States and Estonia. He faces charges including conspiracy, computer intrusion, and fraud, according to a criminal complaint that was unsealed Tuesday. Finnish law enforcement arrested Stokes in April following the issuance of an Interpol Red Notice. He was brought to the U.S. last week and made his first court appearance Tuesday in federal court in Chicago, where a judge ordered him to remain behind bars.
The Justice Department’s Assistant Attorney General A. Tysen Duva stated that Scattered Spider has been linked to more than 100 network intrusions, which have resulted in over $100 million in ransom payments along with millions of additional dollars in damages suffered by victims.
FBI Cyber Division Assistant Director Brett Leatherman also weighed in, saying: “Scattered Spider has repeatedly targeted U.S. companies, extorting employees, inflicting millions of dollars in losses, and disrupting essential operations.”
Federal prosecutors had previously filed criminal charges in 2024 against other individuals suspected of being part of Scattered Spider — described as a loosely organized network of hackers believed to have broken into dozens of American companies to steal sensitive data and cryptocurrency. The group has become notorious for particularly aggressive cybercrime campaigns aimed at large multinational corporations as well as individual cryptocurrency holders.
The group gained widespread attention in September 2023 when its members infiltrated and effectively locked down the computer networks of casino giants Caesars Entertainment and MGM Resorts International, demanding large ransom payments. Caesars ultimately paid approximately $15 million to regain control of its systems. Prosecutors have alleged that the group carried out phishing schemes by blasting employees with fake but convincing text messages warning that their accounts would be shut down unless they clicked a link — a link that secretly handed hackers access to company systems.







