Dozens of popular DDoS sites raided ahead of potential Christmas attacks

International law enforcement has shut down 27 of the most popular platforms used to carry out distributed denial-of-service (DDoS) attacks, Europol announced in a statement on Wednesday.

The operation, conducted across 15 countries — including the U.S., U.K., Australia, Brazil, Canada, and Finland — led to the identification of 300 users of these platforms and the arrest of three administrators in France and Germany.

Europol explained that the takedowns were timed ahead of Christmas because the holiday season “has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage, and operational chaos for their victims.”

The targeted websites, also known as “booters” and “stressers,” enable cybercriminals and hacktivists to flood online services with junk traffic, rendering them inaccessible. Platforms taken down during the operation included zdstresser.net, orbitalstress.net and starkstresser.net, according to Europol.

Sites like those make it relatively easy for groups or individuals to create digital disruptions without having to use more advanced hacking techniques. 

“We know that Booter services are an attractive entry-level cyber crime, and users can go on to even more serious offending. Therefore, tackling this threat doesn’t just involve arresting offenders, it includes steering people away from straying into cyber crime and helping them make the right cyber choices,” said Frank Tutty of the U.K.’s National Cyber Crime Unit in a news release.

A recent report by Cloudflare revealed that the number of DDoS attacks worldwide surged in the third quarter of 2024 to nearly 6 million — about 50 percent more than during the same period last year. The banking and financial services sector was the most targeted by these attacks.

Global geopolitical tensions have further fueled the use of powerful botnets used in DDoS incidents, Cloudflare noted. Germany’s cybersecurity agency (BSI) reported this week a sharp rise in high-volume DDoS attacks targeting the country over the past year. The BSI suggested that this trend indicates threat actors are increasingly leveraging large botnets for their operations.

On Monday, Denmark’s cybersecurity officials reported a suspected Russia-linked cyberattack targeting websites of several Danish municipalities. The country’s top cyber official, Mark Fiedel, commented that politically motivated hackers often seek attention and therefore choose symbolic targets. “For example, someone with a clear connection to Denmark’s support for Ukraine,” Fiedel added.

The anti-DDoS operation, dubbed PowerOFF, is one of several campaigns led by Europol targeting services used by cybercriminals for a range of illicit activities.

Last week, the agency collaborated with Belgian and Dutch authorities in an international operation against a phone phishing gang, resulting in the arrest of eight suspects. As part of this campaign, hackers attempted to gain access to victims’ financial data via phone or online, later spending the stolen money on luxury watches, jewelry, and lavish parties in designer clothing at exclusive clubs.

Earlier in December, police dismantled a “sophisticated” encrypted messaging service called MATRIX, which was linked to serious crimes, including international drug trafficking, arms trafficking, and money laundering.

In November, Europol and its partners took down one of the largest illegal streaming networks, arresting nearly a dozen individuals tied to the operation. The suspects had pirated over 2,500 television channels — primarily sports channels — and made them available to more than 22 million viewers worldwide.