Poland arrests four in global DDoS-for-hire takedown
Polish authorities have arrested four people suspected of running illegal DDoS-for-hire services that allowed users to launch cyberattacks on websites and servers worldwide, according to Europol.
The suspects, aged 19 to 22 years old, allegedly operated six platforms — Cfxapi, Cfxsecurity, Neostress, Jetstress, Quickdown and Zapcut — that offered distributed denial-of-service attacks for as little as 10 euros. Beginning in 2022, the services targeted educational institutions, government websites, companies and gaming services.
If convicted, the suspects could face up to five years in prison, Poland’s Central Cybercrime Bureau (CBZC) said. During raids, officers seized computers, phones, SIM and payment cards, cryptocurrency wallets containing about $30,500 in digital currency, as well as cash and vehicles.
Unlike traditional botnets, the so-called "booter" or "stresser" services allow users to flood a website with traffic by simply entering a target’s IP address and paying a fee. The attacks are executed through centralized rented infrastructure, making them accessible to users with little technical skill.
The arrests were part of “Operation PowerOFF,” a coordinated international effort led by Europol and the FBI, with support from law enforcement agencies across multiple countries. As part of the latest action, U.S. authorities seized nine domains linked to illegal DDoS services.
In a previous phase of the operation in December, police shut down 27 booter platforms in a global sweep across 15 countries, identifying 300 users and arresting three administrators in France and Germany.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.