In a significant victory against cybercrime, law enforcement agencies from 15 countries have successfully dismantled 27 DDoS-for-hire platforms in a coordinated operation codenamed “PowerOff.” The operation resulted in three administrator arrests and identified over 300 users of these illegal services, marking one of the largest crackdowns on DDoS infrastructure to date.
Evolution and Scope of Operation PowerOff
Operation PowerOff’s origins trace back to December 2018, when authorities first targeted 15 DDoS-enabling websites. The initiative has since evolved into a comprehensive campaign against booter and stresser services, which have become increasingly prevalent tools for cybercriminals. These platforms enable individuals with minimal technical knowledge to launch devastating distributed denial-of-service attacks against various online targets.
Technical Infrastructure and Service Disruption
The operation targeted several high-profile platforms, including zdstresser.net, orbitalstress.net, and starkstresser.net. These services operated under the guise of legitimate stress-testing tools while actually providing infrastructure for malicious DDoS attacks. Booter services offered direct DDoS-for-hire capabilities, while stresser services attempted to maintain a facade of legitimacy by marketing themselves as website performance testing tools.
Key Arrests and Legal Proceedings
Dutch law enforcement officials apprehended four suspects aged 22-26, with one individual allegedly responsible for orchestrating 4,169 separate DDoS attacks. The U.S. Department of Justice has filed charges against two major players, including Brazilian national Ricardo Cesar Colli, known online as “TotemanGames,” who operated Securityhide.net and Securityhide.com. Approximately 200 service users have been identified and face potential criminal charges based on their involvement level.
300+ Users Identified: What Enforcement Means for Booter Service Operators
The identification of over 300 service users — many of whom face potential charges based on their activity level — illustrates the current enforcement posture: authorities are not limiting prosecution to platform administrators. Users of booter services who paid for DDoS attacks against specific targets are subject to the same criminal statutes as those who operated the infrastructure. The 4,169-attack count attributed to one arrested individual demonstrates that even single-defendant cases can involve substantial charges.
