Polish officers from the country’s Central Cybercrime Bureau have arrested two suspects suspected of involvement in operating a DDoS service for hire (aka booter or stresser) that has been active since at least 2013.
These arrests are part of an international law enforcement effort (known as the Power off operation) aimed at disrupting and suppressing online platforms allowing anyone to launch massive Distributed Denial of Service (DDoS) attacks against any target in the world for the right amount of money.
The operation was carried out in coordination with Europol, the FBI and law enforcement agencies from the Netherlands, Germany and Belgium, under the supervision of the Joint Cybercrime Action Taskforce (J-CAT).
Officers from the Polish Central Bureau of Cybercrime arrested two people and carried out ten searches which resulted in the collection of valuable data on the perpetrators’ server located in Switzerland.
Evidence collected from the suspects’ servers revealed information on over 35,000 user accounts, 76,000 login records, and over 320,000 unique IP addresses linked to the DDoS-for-hire service.
In addition, officers also uncovered 11,000 purchased attack plan records, with associated email addresses of service buyers who paid approximately $400,000, and more than 1,000 attack plan records. worth about $44,000.
Polish police also found substantial evidence of the operation and management of a criminal domain on the computer belonging to one of the suspects.
The Polish Central Cybercrime Bureau also shared the following video of the arrests and searches.
Operation PowerOFF is a long-running law enforcement operation that has taken down dozens of other major DDoS platforms for hire.
The FBI also targeted DDoS-as-a-service platforms in December 2018, when it removed 15 websitesand in December 2022, when the Ministry of Justice seized 48 internet domains tied to stressed rigs and charged six suspects for their involvement in exploiting startup services.
Six months later, in May 2023, the US DOJ announced the seizure of 13 additional domains linked to DDoS-for-hire platforms.
“Ten of the 13 domains seized today are reincarnations of services that were seized in a previous sweep in December, which targeted 48 prime services,” the DOJ said. said at the time.
“Whether someone launches a DDoS attack using their own command and control infrastructure (e.g. a botnet) or hires a bootstrap and stress service to carry out an attack, their delivery of a program, information, code or command to a protected computer is illegal and may result in criminal prosecution,” the FBI warns.