Global Crackdown Shuts Down DDoS-for-Hire Empire, Exposing Millions of Cybercriminals

Operation PowerOFF Dismantles Major DDoS-for-Hire Network

An international law enforcement operation, known as Operation PowerOFF, has successfully taken down 53 domains linked to distributed denial-of-service (DDoS) services and arrested four individuals involved in running these illegal platforms. The crackdown targeted so-called “booter” or DDoS-for-hire services that enabled widespread cyberattacks.

Authorities revealed that more than 75,000 cybercriminals used these services to launch attacks, and investigators gained access to databases containing over 3 million user accounts connected to the platforms. As part of the operation, officials have issued 25 search warrants and are actively sending warning emails and letters to identified users.

Global Collaboration

The operation involved coordinated efforts from 21 countries, including the United States, the United Kingdom, Germany, Japan, Australia, and several European nations. This large-scale collaboration highlights the growing international focus on tackling cybercrime networks.

How DDoS-for-Hire Services Work

Booter services allow users—even those with little technical knowledge—to launch powerful DDoS attacks against websites, servers, and networks. These attacks flood targets with massive amounts of traffic, disrupting services, slowing performance, or completely taking systems offline.

The infrastructure behind these services includes servers, databases, and control systems that make large-scale attacks possible. By seizing this infrastructure, authorities have significantly disrupted ongoing cybercriminal operations.

Motives Behind the Attacks

DDoS attacks are used for a wide range of purposes, including:

• Financial gain through extortion
• Disruption of competitors’ services
• Ideological or hacktivist campaigns
• Curiosity or experimentation by inexperienced users

Some operators attempt to disguise these platforms as legitimate “stress-testing” tools to avoid legal scrutiny, while still enabling illegal activity.

U.S. Enforcement Actions

In a parallel effort, the U.S. Department of Justice carried out court-approved actions to disrupt major Internet of Things (IoT) botnet services used to power DDoS attacks. Authorities seized multiple domains associated with these services, including well-known platforms that claimed to launch thousands of attacks daily.

Visitors to the seized domains now see warning notices stating that DDoS attacks are illegal and that both operators and users of such services can face investigation and prosecution.

Additionally, an awareness campaign has been launched to discourage individuals from using DDoS-for-hire platforms and to educate the public about the legal consequences.

Ongoing Efforts

This operation builds on previous actions under Operation PowerOFF. In 2025, authorities also dismantled a major botnet used to carry out attacks across more than 80 countries.

The latest crackdown underscores the continued commitment of global law enforcement agencies to identify, disrupt, and prosecute those involved in cybercrime. It also sends a strong message that both service providers and users of DDoS platforms are being actively tracked.