Europol warns 75,000 suspected cybercriminals in global DDoS-for-hire crackdown

European police have sent warning emails to more than 75,000 individuals suspected of paying for cyberattacks designed to knock websites offline. The coordinated international action, announced by Europol on Thursday, targeted so-called "booter" or "stresser" services that offer distributed denial-of-service (DDoS) attacks for hire.

Dubbed Operation PowerOFF, the crackdown involved law enforcement agencies from several countries. It resulted in four arrests, the execution of 24 search warrants, and the takedown of 53 internet domains associated with these illegal services.

How the Suspects Were Identified

Europol obtained the contact details of the alleged users by raiding and seizing the servers that powered the DDoS-for-hire platforms. "This allowed the police to identify their registered users," the agency stated. The warning emails and letters inform recipients that their activity has been flagged and instruct them to cease any involvement with such services.

DDoS-for-hire services lower the barrier to cybercrime, allowing individuals with no technical expertise to launch powerful attacks by renting infrastructure for a fee. These attacks overwhelm target websites with junk traffic, rendering them inaccessible to legitimate users.

A Persistent and Evolving Threat

DDoS attacks remain a common tool for disruption due to their relative ease of execution. The scale of such attacks continues to grow. In 2025, cybersecurity firm Cloudflare reported mitigating what it described as the largest DDoS attack on record, which peaked at 29.7 terabits per second of traffic.

This is not the first major law enforcement action against the DDoS-for-hire ecosystem. The U.S. Federal Bureau of Investigation (FBI) has conducted several similar operations in recent years, highlighting the ongoing global effort to dismantle these criminal marketplaces.

The operation underscores a shift in strategy by international law enforcement, focusing not only on the infrastructure providers but also on the end-users who pay for these disruptive services. Europol's public warning aims to deter future use by demonstrating that user identities are not anonymous.