Europol-supported global operation targets over 75 000 users engaged in DDoS attacks

The following countries participated in the joint action: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the United Kingdom and theUnited States.

Leading up to the action week, a series of operational sprints took place gathering experts from national authorities across the globe to carry out actions against high-value target users of DDoS-for-hire platforms and raise awareness about the illegality of these activities.

During these sprints, the participating countries disrupted illegal booter services, dismantling the technical infrastructure that supports illegal DDoS. Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks. Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims. The seized databases allowed Europol experts to support their national colleagues in providing data on over 3 million criminal user accounts, which led to a series of coordinated actions across the globe during the action week.

DDoS-for-hire is one of the most prolific and easily accessible trends in cybercrime, enabling individuals with little technical knowledge to follow step-by-step tutorials to execute criminal attacks. These attacks inflict significant harm on businesses and individuals across the globe by targeting servers, websites, or online services and making them inaccessible to legitimate users.

Individuals engaging in DDoS activity range from users with minimal technical background able to launch attacks with little effort to more technically proficient actors who customise and optimise their illegal operations. Attacks are often regionally focused, with users targeting servers and websites within their continent, and directed at a wide range of targets including online marketplaces, telecommunications providers, and other web-based services. Motivations vary from curiosity to ideological purposes linked to hacktivism, as well as financial gain through extortion or the disruption of competitors’ services.

Operation PowerOFF: disrupt and prevent

Operation PowerOFF is an ongoing, coordinated effort among international law enforcement aimed at dismantling criminal DDoS-for-hire infrastructure. As the operation enters its prevention phase, a series of coordinated and proactive campaigns to prevent future attacks took place, with more to follow. These campaigns include:

• The creation of ads on search engines, with targeted messages shown to young people searching for DDoS-for-hire tools on Google.
• The removal of over 100 URLs advertising DDoS-for-hire services from search engine results.
• Sending warning messages on the blockchains used by criminals to make payments related to their illegal activities.
• Updating the dedicated website for Operation PowerOFF to keep track of and give further visibility to all the enforcement and prevention actions.

Law enforcement authorities involved:

• Australia: Australian Federal Police
• Austria: Criminal Intelligence Service Austria – Cybercrime Competence Center (C4)
• Belgium: Federal Judicial Police – FCCU
• Brazil: Brazilian Federal Police
• Bulgaria: Cybercrime Department  – General Directorate  Combating Organized Crime
• Denmark: Danish Police – POLITI
• Estonia: National Criminal Police
• Finland: National Bureau Of Investigation
• Germany: Federal Criminal Police Office
• Japan: National Police Agency of Japan
• Latvia: Cybercrime Enforcement Department, Central Police Department, State Police of Latvia
• Lithuania: Lithuanian Criminal Police Bureau
• Luxembourg: Service de Police Judiciaire – Section Cybercrime
• Netherlands:Netherlands Police
• Norway National Crime Investigation Service
• Poland: National Police – Central Cybercrime Bureau
• Portugal: Polícia de Segurança Pública and Polícia Judiciária
• Sweden: Swedish Police Authority – Swedish Cybercrime Center (SC3)
• Thailand: Royal Thai Police – Immigration Bureau and Cyber Crime Investigation Bureau
• United Kingdom: National Cyber Crime Unit, National Crime Agency and UK Regional Cyber Crime Units
• United States: Homeland Security Investigations (HSI), Department of Defense Office of Inspector General’s Defense Criminal Investigative Service (DCIS), United States Department of Justice (DOJ), Federal Bureau of Investigation (FBI), United States Attorney’s Office (USAO)

Regarding Europol’s support, the Agency primarily:

• Conducted analysis of seized datasets, identified and geolocated users, and disseminated intelligence packages to all EU Member States and countries with operational agreements. Analytical support, crypto-tracing expertise, and forensic assistance were also provided.
• Organised sprints to develop investigative leads in preparation for the final phase of the operation.
• Established a command post during the action days.
• Assigned a dedicated cybercrime prevention specialist to support the prevention working group throughout the case.