Law enforcement agencies from 21 countries have taken coordinated action against the global market for DDoS-for-hire services, seizing 53 domains, arresting four alleged operators of illegal platforms and issuing more than 75,000 warnings to users of so‑called booter and stresser services. This new phase of Operation PowerOFF, led by Europol, marks one of the most comprehensive international efforts to date against DDoS-as-a-Service infrastructures.
Europol’s Operation PowerOFF Targets Global DDoS-for-Hire Infrastructure
The latest phase of Operation PowerOFF is coordinated by Europol with the participation of authorities from Australia, Austria, Belgium, Brazil, Bulgaria, the United Kingdom, Germany, Denmark, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, the United States, Thailand, Finland, Sweden, Estonia and Japan. This broad coalition reflects a core reality of modern cybercrime: attack infrastructure, payment channels and victims are typically distributed across multiple jurisdictions, making international coordination essential for effective disruption.
Operation PowerOFF began in 2018 with the takedown of the first 15 DDoS-for-hire platforms. Since then, investigators have consistently targeted booter and stresser ecosystems—shutting down domains, seizing servers and gathering intelligence on both service operators and their customers.
What Are Booter and Stresser Services and Why Are They Dangerous?
Booter and stresser services are online platforms that allow users to launch Distributed Denial-of-Service (DDoS) attacks against a chosen target with just a few clicks. Although many of these sites claim to offer legitimate “stress testing” or “load testing” for network owners, they typically do not verify that the customer actually controls the target system. In practice, they function as an easy front-end to botnets and other attack infrastructures.
These services dramatically lower the barrier to entry for cybercrime. Users do not need to understand DDoS techniques, build botnets or exploit vulnerabilities. They simply register, deposit funds—often in cryptocurrency—select a subscription plan and enter the IP address or domain they wish to disrupt. This commoditization of DDoS capabilities makes powerful attacks accessible to minors and technically inexperienced individuals, not just organized cybercriminal groups.
Earlier Phases: Millions of Accounts and Search Warrants
In previous waves of Operation PowerOFF, law enforcement did more than seize domains. Investigators also obtained access to back-end infrastructure and customer databases. According to Europol, authorities secured information on approximately 3 million user accounts registered on DDoS-for-hire platforms and executed 25 search warrants in related investigations.
Such datasets are valuable for multiple reasons: they enable the identification and prosecution of the most prolific users, support the mapping of payment flows and help build more accurate threat intelligence models. By analyzing account activity, preferred cryptocurrencies, hosting providers and associated network resources, investigators can trace broader cybercrime ecosystems rather than isolated services.
For operators, the repeated loss of domains and infrastructure forces them to constantly rebrand, migrate to new hosting providers and switch payment channels. This increases operational costs, raises the risk of exposure and erodes customer trust—factors that collectively weaken the DDoS-for-hire market.
Who Uses DDoS-for-Hire Services and What Is the Impact?
According to Europol and multiple industry threat reports, DDoS-for-hire platforms remain one of the most widespread forms of cybercriminal activity. Their customer base spans from curious teenagers and “script kiddies” to experienced threat actors who integrate DDoS attacks into broader campaigns, including extortion, distraction for data theft or coordinated hacktivism.
Motivations typically include “pranks” and retaliation in online games, but also financial extortion, political or ideological activism and targeted disruption of business competitors. Even a brief and well-timed DDoS attack can cause significant financial and reputational damage to e‑commerce platforms, financial institutions, gaming services and critical online infrastructure by causing outages, lost transactions and customer churn.
Security vendors and Computer Emergency Response Teams (CERTs) have repeatedly reported record-breaking DDoS volumes in recent years, confirming that these attacks remain a key threat vector for organizations of all sizes.
From Enforcement to Prevention: Reducing Demand for DDoS-as-a-Service
The current stage of Operation PowerOFF places greater emphasis not only on enforcement, but also on prevention and awareness. Law enforcement agencies have announced plans for targeted information campaigns aimed particularly at young people searching the internet for DDoS tools. The objective is to explain the legal consequences of commissioning an attack and to highlight legitimate ways to develop technical skills, such as education in cybersecurity and participation in bug bounty programs.
Search Engine Takedowns and Reduced Visibility of Booter Sites
As part of this preventive strategy, Europol reports that more than 100 URLs associated with booter and stresser services have already been removed from search engine results. Reducing the visibility of these platforms makes it harder for casual users—who may not frequent underground forums or encrypted channels—to discover and purchase DDoS-for-hire services.
Blockchain Transaction Warnings: Challenging the Myth of Anonymity
Law enforcement has also begun using blockchain transactions as a warning channel. In selected cases, special notifications are attached to cryptocurrency transfers linked to the payment of illegal DDoS services. This approach underscores that crypto-transactions are not inherently anonymous: they can be traced, analyzed and used as evidence in criminal investigations.
By leveraging the transparency of public blockchains, authorities send a clear signal that using cryptocurrency does not eliminate legal risk and that payments for cybercrime services can be followed back to individual users or service operators.
The evolution of Operation PowerOFF—from individual site takedowns to a comprehensive strategy targeting infrastructure, financial flows and user demand—illustrates how the fight against DDoS-for-hire services is becoming more systemic. Organizations should respond by strengthening their DDoS resilience through traffic filtering, anomaly detection, upstream mitigation services and predefined incident response plans. Individual users, especially younger audiences, need to understand that ordering a DDoS attack is not a harmless joke but a criminal offense. Channeling interest in hacking toward legal learning paths and cybersecurity careers is not only safer but also far more rewarding in the long term.
