Blog

Operation PowerOFF: Law Enforcement Seizes 9 DDoS-for-Hire Webpages as Part of Global Crackdown

Flashpoint is proud to have contributed to this investigation as part of an alliance of government agencies and private sector partners.

Default Author Image
May 7, 2025

Today, the Justice Department announced the seizure of nine of the world’s leading Distributed Denial-of-Service (DDos) services, with Poland’s Central Cybercrime Bureau simultaneously reporting the arrest of four major administrators running those domains.

The seizures were performed by the Defense Criminal Investigative Service (DCIS) and were taken in conjunction with Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling DDoS-for-Hire infrastructures worldwide—holding both administrators and users of these illegal services accountable. 

Flashpoint is proud to have contributed to this investigation as part of an alliance of government agencies and private sector partners.

DDoS Attacks Target Schools, Governments, and Civilians

The DDoS-for-Hire webpages and booter services named in Operation PowerOFF allegedly attacked a wide array of schools, government agencies, gaming platforms, and millions of people. In addition to targeting victims, these attacks significantly degrade internet services and completely disrupt internet connections.

“Booter services facilitate cyberattacks that harm victims and compromise everyone’s ability to access the internet. This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”

United States Attorney Bill Essayli

Many of these services posed as “stresser” services, claiming to perform network testing of the victim’s systems. However, the DCIS found these claims to be completely false—as customers were not aware that they were attacking their own systems.

Understanding DDoS Attacks

DDoS attacks are a widely-accessible and commonly favored tool used by threat actors. DDoS services are frequently advertised on many illicit marketplaces, allowing unsophisticated threat actors to “rent” their use for a fee. Then, leveraging a botnet—a network of malware-infected computers—cybercriminals flood a victim’s IP address with overwhelming volumes of traffic, such as malicious connection requests, malformed packets, or UDP floods, ultimately forcing their systems to crash under the pressure.

This disruption can result in significant operational losses, with downtime costs estimated to average around $40,000 USD per hour. For critical infrastructure and online businesses, this can translate to millions in lost revenue and reputational loss. Moreover, DDoS attacks can act as a smokescreen, masking other cybercriminal attempts to compromise systems, potentially leading to data breaches or the exploitation of vulnerabilities.

Ongoing Partnerships and Vigilance

More than 75 domains associated with DDoS-for-Hire services have been seized to date, but the fight against DDoS related cybercrime continues.

“The enforcement actions launched today, made possible by enduring partnerships between law enforcement and private industry, represents continued pressure on DDoS-for hire services and the cybercriminals and hacktivists who use them.”

Kenneth DeChellis, Special Agent at the DDefense Criminal Investigative Service (DCIS)

These recent seizures are built on the success of over four years of targeting known DDoS-for-Hire and booter sites. Flashpoint is proud to be at the forefront, working alongside our partners by providing timely and actionable intelligence that helps protect critical internet infrastructure and services. For a comprehensive understanding, refer to the Justice Department’s full announcement, and for more information on the risks of booter and stresser services, consult this resource from the FBI.

Request a demo today.