"DDoS is not a game. It's a crime!" Europol targets the youth in latest bid to take down DDoS-for-hire infrastructure
By the very nature of modern DDoS attacks, which often deploy large botnets dispersed over a large geographical area, it's difficult to pin the blame on any one mastermind. That said, last week a number of different countries collaborated in a Europol-supported effort designed to take criminal DDoS-for-hire infrastructure offline.
21 different countries in total now participate in Operation PowerOFF, which has been an ongoing effort since at least 2018. 75,000 users tied to the use of DDoS-for-hire services were sent warning emails and letters during the recent "coordinated action week" that began on April 13. 53 domains were also taken down, 25 search warrants were issued, and four people were ultimately arrested, according to Europol.
Europol's press release claims, "[DDoS] attacks are often regionally focused, with users targeting servers and websites within their continent, and directed at a wide range of targets including online marketplaces, telecommunications providers, and other web-based services. Motivations vary from curiosity to ideological purposes linked to hacktivism, as well as financial gain through extortion or the disruption of competitors’ services."
Much of PowerOFF's success was only possible due to the operation intercepting a number of "illegal booter services" that allow users who may otherwise have little technical knowledge to launch DDoS attacks against their target of choice. These encompassed a number of databases that in turn exposed "data on over 3 million criminal user accounts" to law enforcement.
Now that infrastructure has been dismantled and arrests made, the operation is shifting into a prevention phase. This involves "targeted messages shown to young people searching for DDoS-for-hire tools on Google," and scrubbing 100 URLs linked to such cybercrime services from search engine results.
These 'preventative measures' also include an official website with what I can only describe as a pretty cringe animated short where a young gamer turns to a life of crime after he loses connection with his Minecraft server. It boasts all the wince-worthy inauthenticity you'd expect from a law enforcement body attempting to communicate with the youth of today. I must admit I did chortle when I saw the tagline "DDoS is not a game. It's a crime!"
Anyway, while I may laugh at this particular communiqué, games do get hit hard by DDoS attacks. Earlier this year, Arc Raiders got hit by 'extensive' and 'coordinated DDoS attacks', and Final Fantasy XIV Online's North American servers were also going through it after Patch 7.4.
I'm less convinced young'uns are to blame for either of these examples. That said, in 2025 the US Department of Justice did charge a 22-year-old in relation to his involvement with creating the for-hire Rapperbot, described as 'one of the most powerful DDoS botnets to ever exist'. I'm not sure how common cybercrime really is among the youth of today (for a wizened hag like me, 22-year-olds might as well count as part of 'the youth'), but Europol has been targeting young users of DDoS cyber-attack tools since at least 2016.