Europol Leads Global Crackdown on DDoS-for-Hire Services, Arrests Made
Global Crackdown on DDoS-for-Hire Services by Europol

Europol Coordinates Global Action Against DDoS-for-Hire Criminal Networks

In a significant international effort, Europol, alongside law enforcement agencies from 21 countries, recently executed a coordinated action week focused on enforcement and prevention measures targeting distributed denial-of-service (DDoS)-for-hire services. This operation aimed at disrupting the activities of over 75,000 criminal users engaged in these illicit services, which facilitate cyberattacks with minimal technical knowledge required.

Massive Enforcement Actions Yield Tangible Results

The action week led to substantial outcomes, including the sending of more than 75,000 warning emails and letters to identified criminal users. Authorities made four arrests, issued 25 search warrants, and successfully took down 53 domains associated with illegal booter services. Booter services are platforms that allow users to launch DDoS attacks against targeted websites, servers, or networks, often causing significant disruption to online operations.

By dismantling the technical infrastructure—comprising servers, databases, and other components—that supports these illegal DDoS activities, authorities were able to hinder criminal operations and prevent further damage to victims worldwide. The seized databases provided Europol experts with critical data on over 3 million criminal user accounts, enabling a series of coordinated actions across the globe during the action week.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

International Collaboration in Cybercrime Fight

The following countries participated in the joint action: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the United Kingdom, and the United States. Prior to the action week, a series of operational sprints gathered experts from national authorities to carry out actions against high-value target users of DDoS-for-hire platforms and raise awareness about the illegality of these activities.

Understanding DDoS-for-Hire Attacks

DDoS-for-hire represents one of the most prolific and easily accessible trends in cybercrime. It enables individuals with little technical expertise to follow step-by-step tutorials and execute criminal attacks. These attacks inflict significant harm on businesses and individuals globally by targeting servers, websites, or online services, rendering them inaccessible to legitimate users.

Individuals engaging in DDoS activity range from those with minimal technical background, who can launch attacks with little effort, to more technically proficient actors who customize and optimize their illegal operations. Attacks are often regionally focused, with users targeting servers and websites within their continent, and directed at a wide array of targets including online marketplaces, telecommunications providers, and other web-based services. Motivations vary from curiosity and ideological purposes linked to hacktivism to financial gain through extortion or disrupting competitors' services.

Operation PowerOFF: A Proactive Approach to Disruption and Prevention

Operation PowerOFF is an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructure. As the operation enters its prevention phase, a series of coordinated and proactive campaigns have been implemented to prevent future attacks, with more initiatives planned. These campaigns include:

  • The creation of targeted ads on search engines, such as Google, with messages aimed at young people searching for DDoS-for-hire tools.
  • The removal of over 100 URLs advertising DDoS-for-hire services from search engine results.
  • Sending warning messages on the blockchains used by criminals to make payments related to their illegal activities.
  • Updating the dedicated website for Operation PowerOFF to track and provide further visibility to all enforcement and prevention actions.

Law Enforcement Authorities Involved

The following law enforcement agencies participated in the operation:

Pickt after-article banner — collaborative shopping lists app with family illustration
  • Australia: Australian Federal Police
  • Austria: Criminal Intelligence Service Austria – Cybercrime Competence Center (C4)
  • Belgium: Federal Judicial Police - FCCU
  • Brazil: Brazilian Federal Police
  • Bulgaria: Cybercrime Department - General Directorate Combating Organized Crime
  • Denmark: Danish Police - POLITI
  • Estonia: National Criminal Police
  • Finland: National Bureau Of Investigation
  • Germany: Federal Criminal Police Office
  • Japan: National Police Agency of Japan
  • Latvia: Cybercrime Enforcement Department, Central Police Department, State Police of Latvia
  • Lithuania: Lithuanian Criminal Police Bureau
  • Luxembourg: Service de Police Judiciaire – Section Cybercrime
  • Netherlands: Netherlands Police
  • Norway: National Crime Investigation Service
  • Poland: National Police - Central Cybercrime Bureau
  • Portugal: Polícia de Segurança Pública and Polícia Judiciária
  • Sweden: Swedish Police Authority - Swedish Cybercrime Center (SC3)
  • Thailand: Royal Thai Police – Immigration Bureau and Cyber Crime Investigation Bureau
  • United Kingdom: National Cyber Crime Unit, National Crime Agency and UK Regional Cyber Crime Units
  • United States: Homeland Security Investigations (HSI), Department of Defense Office of Inspector General’s Defense Criminal Investigative Service (DCIS), United States Department of Justice (DOJ), Federal Bureau of Investigation (FBI), United States Attorney’s Office (USAO)

This coordinated effort underscores the global commitment to combating cybercrime and protecting digital infrastructure from malicious attacks.