This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?
My interpretation was that they had an IP that they suspected was the perp’s home network, and subpoena’d some major platforms to confirm beyond a shadow of a doubt. Given the perp’s sloppiness in using the same machine for both personal and illicit computing activities, they could even have some network traffic in the capture to indicate which platforms they should subpoena
Or if we want to be more conspiracy-minded, maybe they installed a trojan on his computer and this is the parallel evidence trail that law enforcement created so they don’t have to admit to hacking the hackers
My interpretation was that they had an IP that they suspected was the perp’s home network, and subpoena’d some major platforms to confirm beyond a shadow of a doubt. Given the perp’s sloppiness in using the same machine for both personal and illicit computing activities, they could even have some network traffic in the capture to indicate which platforms they should subpoena
Or if we want to be more conspiracy-minded, maybe they installed a trojan on his computer and this is the parallel evidence trail that law enforcement created so they don’t have to admit to hacking the hackers
Or he used Edge, so Microsoft just has all his browsing data.