Europol shifts the pressure onto DDoS buyers

European law enforcement has opened a new phase in its campaign against distributed denial-of-service-for-hire operations by going beyond infrastructure takedowns and contacting alleged customers directly. In a coordinated action announced by Europol, authorities said they sent warning emails and letters to more than 75,000 people suspected of paying for services used to knock websites offline.

The operation, carried out under the PowerOFF banner, also included four arrests, 53 domain takedowns, and 24 search warrants. The scale matters on its own, but the method may be the more important signal. Rather than focusing only on the people running so-called booter or stresser services, investigators are now using seized server data to identify the registered users behind those attacks.

That makes the latest enforcement push more than a cleanup operation. It is also a deterrence campaign aimed at the demand side of the DDoS economy, where low barriers to entry have long helped keep these services alive.

Why DDoS-for-hire services remain hard to stamp out

DDoS attacks are not new, but they remain attractive because they are comparatively easy to launch and often highly disruptive. A customer does not need advanced intrusion skills, their own botnet infrastructure, or deep technical knowledge. For a fee, a service can offer the ability to flood a target with traffic and overwhelm systems until a website, app, or online service becomes unavailable.

That convenience has helped keep the market resilient even as law enforcement has repeatedly dismantled operators. Europol said the latest action was possible because authorities raided and seized servers linked to the services, giving investigators access to records that could be used to identify users. That server-side evidence is what enabled the unusually large outreach effort to suspected customers.

The tactic reflects a practical truth in cybercrime enforcement: infrastructure can be rebuilt, domains can be replaced, and operators can reappear under new brands. But if the customer base begins to view these platforms as unsafe, the business model becomes harder to sustain.

Google is now targeting bad ads over bad actors | TechCrunch
More in News

Google Blocked a Record 8.3 Billion Ads as AI Changed How It Enforces Policies

Google says it blocked 8.3 billion ads globally in 2025 while suspending fewer advertiser accounts, reflecting a shift toward AI-driven ad-level enforcement rather than blanket account bans.

Read article

A message designed to raise the cost of casual abuse

The direct warnings appear tailored to an important segment of the DDoS-for-hire market: people who may not think of themselves as cybercriminals in the conventional sense. These services have often been used in harassment campaigns, retaliation, gaming-related disputes, and low-sophistication disruption. Their appeal has always rested partly on distance. The buyer clicks, pays, and treats the result as if it were outsourced mischief rather than a traceable offense.

Europol’s move is designed to erode that perceived distance. By contacting alleged users individually, authorities are effectively saying that a platform seizure does not just expose the operators. It can expose the clients too.

That matters because the deterrent effect may extend beyond the 75,000 people contacted. The broader audience is anyone tempted to use a commercial DDoS service because it looks easy, anonymous, and low risk. The operation suggests that those assumptions are increasingly outdated.

The broader cybersecurity backdrop

The enforcement action comes against a backdrop of continuing growth in the scale of DDoS incidents. Europol’s announcement cited a threat category that remains common because it can create immediate disruption with comparatively little effort. The pressure on defenders has continued to rise. Last year, Cloudflare said it mitigated what it described as the largest DDoS attack on record, peaking at 29.7 terabits per second.

That figure underscores the split nature of the DDoS landscape. At one end are enormous attacks involving industrial-scale traffic floods. At the other are commercialized services that make attack capability accessible to far less sophisticated customers. The latter may not always generate record-breaking volumes, but they widen the pool of people able to weaponize disruption.

For organizations defending public-facing infrastructure, that means the threat is not limited to elite actors. It also includes a mass market enabled by cheap, packaged attack services.

Meta raises Quest 3 and Quest 3S prices due to RAM shortage | TechCrunch
More in News

Meta Raises Quest 3 and Quest 3S Prices as Memory Costs Climb

Meta will increase Quest headset prices on April 19, citing a global surge in memory chip costs that is pushing up the price of high-performance VR hardware.

Read article

Part of a longer campaign

PowerOFF is not an isolated action. The FBI and other agencies have conducted multiple operations against DDoS-for-hire services in recent years, and Europol’s latest announcement fits that pattern of sustained cross-border pressure. The recurring challenge is that these platforms sit at the intersection of commodity hosting, payment channels, disposable domains, and a customer base that can be globally distributed.

That is why international coordination remains essential. A service may be administered in one country, hosted in another, marketed through domains registered elsewhere, and used by customers across dozens of jurisdictions. A fragmented response leaves too many gaps. The latest action shows authorities continuing to close those gaps through joint investigations and synchronized takedowns.

What the operation changes

The most notable outcome may not be the arrest count or the number of domains seized, though both are significant. It may be the precedent of large-scale notification. Seizing infrastructure is disruptive. Warning identified users is psychological, legal, and strategic at the same time.

  • It tells suspected buyers that their activity may already be known to authorities.
  • It raises the reputational and legal risk of using these services in the future.
  • It signals that investigations are expanding from platform operators to full ecosystems.

Whether that will materially shrink demand remains to be seen. Cybercrime markets have a history of adaptation. But the operation shows that law enforcement is adapting too, using intelligence from seizures not only to prosecute organizers but to undermine the customer confidence that keeps the market running.

For companies, institutions, and online platforms that continue to face disruptive traffic floods, that shift is worth watching. The fight against DDoS abuse is no longer just about taking services offline. It is increasingly about convincing would-be customers that ordering an attack is neither private nor consequence-free.

This article is based on reporting by TechCrunch. Read the original article.

DeepL, known for text translation, now wants to translate your voice | TechCrunch
More in News

DeepL Moves Beyond Text With a Real-Time Voice Translation Push

DeepL has launched a voice-to-voice translation suite and an API for custom deployments, expanding from text translation into meetings, mobile conversations, and frontline worker scenarios.

Read article

Originally published on techcrunch.com