Polish police from the Central Bureau for Combating Cybercrime have detained two suspects who are believed to have been operating a DDoS-for-hire service (also known as a booter or stresser) since at least 2013.
These arrests are part of Operation PowerOFF, a global law enforcement effort to disrupt and shut down online platforms that let anyone who pays launch massive distributed denial-of-service (DDoS) attacks against any target worldwide.
Under the direction of the Joint Cybercrime Action Taskforce (J-CAT), the operation was carried out in conjunction with Europol, the FBI, and law enforcement agencies from the Netherlands, Germany, and Belgium.
Officers from the Polish Central Cybercrime Bureau made two arrests and carried out ten searches that helped them obtain valuable data from the perpetrators’ server in Switzerland.
Over 35,000 user accounts, 76,000 login records, and more than 320,000 unique IP addresses associated with the DDoS-for-hire service were discovered in evidence retrieved from the suspects’ servers.
In addition, police discovered over 1,000 records of attack plans worth approximately $44,000 and 11,000 records of purchased attack plans, with associated email addresses of service buyers who paid approximately $400,000.
On the computer of one of the suspects, Polish police also discovered substantial evidence of operating and managing a criminal domain.
A video of the searches and arrests was also made available by the Polish Central Cybercrime Bureau.
The long-running law enforcement operation known as Operation PowerOFF has resulted in the removal of dozens of other significant DDoS-for-hire platforms.
In December 2022, the Department of Justice seized 48 Internet domains linked to stresser platforms and charged six suspects for their involvement in operating the booter services. In December 2018, the FBI also targeted DDoS-as-a-service platforms and took down 15 websites.
Thirteen additional domains linked to DDoS-for-hire platforms were seized by the US Department of Justice six months later, in May 2023.
The Department of Justice stated at the time, “Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services.”
“Whether or not somebody dispatches a DDoS assault utilizing their own order-and-control foundation (e.g., a botnet) or recruits a booter and stresser administration to lead an assault, their transmission of a program, data, code, or order to a safeguarded PC is unlawful and may bring about criminal accusations,” the FBI cautions.