Polish authorities arrested four individuals accused of operating six rental DDoS platforms—services allegedly responsible for facilitating thousands of attacks against schools, governments, businesses, and even gaming platforms since 2022.
Although these sites were advertised as legal tools for network stress testing, they were actually used for a very different purpose: overwhelming servers, websites, and other online services to take them offline. This was done through DDoS attacks, which essentially involve sending so much fake traffic that the targeted systems can no longer function properly.
The six services involved (Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut) were taken down in a joint police operation involving Germany, the Netherlands, Poland, and the United States.
“In the latest blow to the market for-for-hire DDoS attacks, Polish police arrested four individuals suspected of running a network that enabled thousands of cyberattacks worldwide,” Europol reported on Wednesday.
According to the investigation, these suspects were behind several platforms known as stressers or booters. Customers only needed to pay a fee (as low as €10), enter the target’s IP address, select the type and duration of the attack, and that was it. No technical knowledge was required. The platforms’ interfaces were as easy to use as a music or shopping app.
Quickdown User Interface (Source: BleepingComputer)
The Dutch police seized data from these booter websites and shared it with international partners. Thanks to this information, four administrators linked to the DDoS platforms were arrested in Poland.
Meanwhile, the United States intervened and seized nine domains as part of this coordinated crackdown on DDoS services. German authorities also joined the investigation, identified a suspect, and shared key data on other individuals involved.
In a rather clever move, Dutch investigators even created fake booter sites to catch those looking to hire DDoS attacks. When users tried to access them, they were met with clear warnings: what you are attempting to do is illegal and is being monitored. This approach aimed not only to catch criminals but also to deter potential buyers.
All of this is part of a long-running joint operation called Operation PowerOFF, which began in December 2018. In its early phases, it had already led to the shutdown of 15 sites linked to DDoS attacks.
Over the years, PowerOFF has also achieved other significant successes: it shut down the popular DDoS review platform Dstat.cc, dismantled the DigitalStress service in the UK, and arrested two booter operators in Poland.
Additionally, in other coordinated actions, authorities seized 13 domains on one occasion and later another 48 sites related to booter platforms, delivering heavy blows to the market for these illegal services.
