Global Coalition Dismantles DDoS-for-Hire Infrastructure
A sweeping international law enforcement operation has resulted in the arrest of four individuals and the execution of 25 search warrants, as authorities from more than 20 countries united to dismantle multiple platforms that sold cheap, easy access to distributed denial-of-service (DDoS) attacks. Europol coordinated the effort but declined to provide specific details about those arrested or the locations of the raids.
In total, more than 50 domains were seized during the operation, and European authorities said they had identified approximately 75,000 users across the various DDoS-for-hire sites. The action represents the latest chapter in Operation PowerOFF, an ongoing multinational campaign that has been targeting the DDoS-for-hire industry for nearly a decade.
U.S. Justice Department Seizes Eight Sites
American officials announced their own court-authorized seizures as part of the same coordinated effort, taking down eight websites including Vac Stresser and Mythical Stress. Justice Department prosecutors based in Alaska stated they had also "conducted searches of DDoS-for-hire backend servers." Law enforcement seizure banners now appear at the domains for both Vac Stresser and Mythical Stress.
Court documents filed by the DOJ identified the full list of seized domains, which includes:
- Quantum-stress
- Stresse
- Unknownstresser
- Vacstresser
- Dreams-stresser
- Mythicalstress
Prosecutors noted that the sites "purport to launch tens of thousands of DDoS attacks per day," underscoring the industrial scale at which these services operated. A Justice Department spokesperson directed all questions about the arrests to Europol, which did not respond to requests for comment.
Pricing and Scale of the Illegal Services
The accessibility and affordability of these platforms was a central concern for investigators. An FBI agent involved in the operation disclosed that they purchased a Mythical Stress subscription plan offering a full month of DDoS attack capabilities for just $45. Under that plan, up to three victim IP addresses could be targeted simultaneously, with each attack lasting up to 40 minutes.
At the upper end of the pricing spectrum, the most expensive available plan was priced at $950 per month. That tier offered attacks lasting up to 500 hours and allowed operators to target as many as 90 victim IP addresses concurrently. At least one of the platforms bragged about facilitating more than 142 million DDoS attacks in total.
Victims Ranged from Schools to Critical Infrastructure
The Justice Department described a broad and troubling range of targets affected by these DDoS services, stating they victimized entities "including schools, government agencies, gaming platforms, critical infrastructure, including Department of War resources, and millions of people" in the United States and overseas. The indiscriminate nature of the attacks highlights how DDoS-for-hire services enable virtually anyone — regardless of technical skill — to cause serious disruption to essential services.
Europol's Role and the 'Operational Sprint' Framework
Europol described the recent wave of enforcement actions as part of an "operational sprint," a model in which participating nations coordinate with technical experts to rapidly identify and dismantle the infrastructure underpinning DDoS attacks. Information harvested from several previously seized databases enabled Europol to geolocate more than three million "criminal user accounts," which in turn "led to a series of coordinated actions across the globe during the action week."
Powerful DDoS tools function by flooding targeted servers with overwhelming volumes of unwanted traffic, rendering them inaccessible. These tools are exploited by a wide range of actors, from disgruntled gamers settling scores to nation-state threat actors pursuing geopolitical objectives.
A Persistent Problem Despite Years of Enforcement
Despite sustained pressure from law enforcement over many years, the DDoS-for-hire ecosystem has proven remarkably resilient. Justice Department officials acknowledged that these services "have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity."
Over the past four years alone, eleven people have been charged in the United States specifically for facilitating DDoS-for-hire services, and a cumulative total of 100 domains have been seized through U.S. actions.
The problem is not confined to American borders. Last year, Polish police arrested four individuals allegedly operating six separate DDoS-for-hire sites, with some services priced as low as 10 euros. The recurring pattern of arrests and seizures across multiple jurisdictions reflects both the global reach of the problem and the growing determination of international authorities to confront it head-on.
Operation PowerOFF: A Decade in the Making
Operation PowerOFF has been an active multinational initiative for nearly ten years, spanning dozens of countries and resulting in administrator arrests and database seizures at numerous DDoS-for-hire platforms. The consistent participation of more than 20 nations in the latest action demonstrates that the coalition continues to expand, even as the underground marketplace for attack-for-hire services finds new ways to regenerate. Authorities remain committed to pursuing both operators and users of these platforms as part of a long-term strategy to raise the cost and risk of participating in DDoS-enabled cybercrime.
Source: The Record