An international law enforcement coalition involving 21 countries, backed by Europol and the FBI, dismantled 53 domains linked to commercial DDoS-for-hire platforms and identified more than 75,000 users of those services.
What Happened
Operation PowerOFF concluded an enforcement phase on April 16, 2026, seizing 53 domains that hosted “booter” services — platforms allowing anyone to pay to flood a target server or network with malicious traffic. Four individuals were arrested across participating countries. Law enforcement executed 25 search warrants and obtained access to databases containing over three million criminal user accounts tied to these services.
The operation was coordinated through Europol and involved 21 countries including Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the United Kingdom, and the United States. Europol sent over 75,000 warning emails and letters to identified users, notifying them that their activity had been identified and documented.
Booter services function by renting access to botnets — typically composed of compromised home routers and IoT devices — and directing attack traffic against targets chosen by the paying customer. These services have historically been used to attack gaming servers, disrupt businesses, and harass individuals. The entry price is low, making them accessible to non-technical actors. Source: BleepingComputer, The Hacker News
Why This Matters for Canadian Organizations
DDoS-for-hire services represent a persistent operational risk for Canadian businesses, municipalities, and critical infrastructure operators. Any organization with an internet-facing presence is a potential target, and the low cost of booter services means attacks do not require a sophisticated or well-funded adversary.
Europol’s prevention phase — which includes search engine advertising targeting young people seeking these tools and the removal of over 100 URLs promoting illegal DDoS services from search results — addresses a recruitment pipeline that has historically drawn in teenagers and young adults. Canadian law enforcement agencies, including the RCMP’s National Cybercrime Coordination Centre (NC3), work closely with Europol and FBI on cross-border cybercrime operations of this type. The 75,000 warning emails sent to identified users put individuals across all participating countries on notice that their use of these services has been logged.
For security and IT teams, the takedown also offers a practical reminder: organizations that have experienced DDoS disruptions and suspect booter service involvement should retain logs and contact the RCMP NC3, as the data obtained from seized platforms during operations like PowerOFF is frequently shared with law enforcement in affected countries for follow-on investigations.
What to Do
Review your organization’s DDoS mitigation posture. Ensure internet-facing services have anti-DDoS protections in place, including upstream scrubbing or CDN-based rate limiting. For organizations that have not yet assessed their exposure, consult the CCCS’s guidance on DDoS resilience for Canadian critical infrastructure operators. If your organization received a warning email as part of Operation PowerOFF’s notification campaign, treat it as a serious indicator that an employee or contractor has used illegal services and escalate accordingly.
