A hacker’s arrest just revealed how Microsoft can track your Windows device

News Room

A teenager allegedly used a VPN to cover his tracks while hacking a US jewelry retailer, but Microsoft knew anyway.

Court documents unsealed in the US case against Peter Stokes, a 19-year-old dual US-Estonian citizen accused of being a member of the notorious Scattered Spider hacking group, reveal that Microsoft provided the FBI with records tied to a tracking mechanism called the Global Device Identifier, or GDID. 

Here’s what you need to know

The identifier, which is automatically assigned to every Windows installation, was enough to link Stokes’ computer to specific websites and third-party services, even though he was running a VPN. 

Stokes was arrested in Helsinki in April 2026. He was trying to board a flight to Japan, carrying two two-terabyte hard drives. He now faces federal charges in Chicago for conspiracy, computer intrusion, and fraud (via PCMag).

However, the case surely draws attention to the GDID. For most people, this is the first time they’re hearing the term GDID.

What exactly is a Global Device ID (GDID)?

GDID is a unique number tied to a Windows installation on a device, and it can stay the same across normal Windows updates. 

According to the criminal complaint, Microsoft’s records showed that Stokes’ GDID accessed specific pages on ngrok, a developer tunneling tool, at precise timestamps, which was enough to reconstruct his activity and link it to the hack. 

This identifier can apparently persist across updates, has no simple opt-out, and may allow Microsoft to connect a Windows installation to activity on third-party services, not just Microsoft ones. 

In other words, Microsoft may have a record of which websites your Windows PC visited, independent of your browser history and cookie tracking. You can technically opt out of it by reinstalling Windows, as it generates a new GDID. 

This is exactly what makes the Stokes case worth paying attention to, even if you have no plans to hack a jewelry store with a VPN anytime soon.

Read the full article here

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *