# Europol and International Partners Dismantle DDoS Booter Infrastructure in Operation PowerOFF
An international coalition led by Europol has conducted the large-scale Operation PowerOFF to dismantle platforms offering DDoS attacks for hire. The campaign blocked 53 domains, carried out 25 searches, and arrested four individuals. The criminals' assets served 75,000 users, and the seized databases contain information on more than 3 million accounts.
Global Coordination Against Cybercrime
Operation PowerOFF brought together law enforcement from 21 countries: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Sweden, Thailand, United Kingdom, and USA. This level of international cooperation highlights the cross-border nature of modern cyber threats and the need for coordinated responses.
Operation participants organized a series of so-called "sprints"—targeted actions against the most active users and administrators of DDoS platforms. These efforts included not only physical searches and arrests but also technical measures: shutting down servers, seizing databases, and blocking domain names.
Technical Architecture of DDoS Booters
DDoS booters (booter services) are web platforms that provide users with an interface to launch distributed attacks on target resources. Their infrastructure typically includes:
- Control servers (C2 — command and control);
- Web interfaces for clients with options to select targets, duration, and attack types;
- Payment systems, often integrated with cryptocurrency wallets;
- User databases with order and payment histories;
- Proxy networks or botnets used to generate traffic.
Analysis of the seized data revealed a high degree of automation and commercialization in these services. Many marketed themselves as "stress tests" for legitimate purposes, but in practice, they were used exclusively for illegal attacks.
Preventive and Awareness Measures
In addition to directly dismantling the infrastructure, Operation PowerOFF includes preventive components:
- Search ads—placing warning ads in response to queries like "buy DDoS" or "best booter";
- Delisting—removing over 100 URLs promoting DDoS services from search engine indexes;
- Blockchain notifications—sending messages to smart contracts or wallet addresses linked to attack payments, informing them of the illegal nature of the activities;
- Information portal—updating the operation's official website with materials targeted at potential users of such services.
These measures aim not only to punish but also to change behavior: reducing demand by raising awareness and perceived risk.
Context: From LeakBase to PowerOFF
Operation PowerOFF continues a series of global anti-cybercrime initiatives. Previously, Europol and the FBI jointly shut down the hacker forum LeakBase, where stolen data and hacking tools were traded. That operation involved 14 countries, confirming a sustained model of international cooperation in cybersecurity.
The difference between LeakBase and PowerOFF lies in their focus: the former targeted the market for data and exploits, while the latter targets the infrastructure of attack services accessible even to inexperienced users. This points to an evolution in strategy—from addressing consequences to eliminating threat sources.
Key Takeaways
- Operation PowerOFF is an example of effective multinational coordination against cybercrime.
- DDoS booters are commercialized platforms with sophisticated technical infrastructure, not just scripts.
- Over 3 million user records were seized, giving law enforcement a powerful tool for further investigations.
- Preventive measures (search ads, delisting) complement enforcement actions and reduce demand for illegal services.
- Such operations are becoming routine, signaling a systematic approach to combating cyber threats.
— Editorial Team
No comments yet.