European police have launched an unusual cybercrime crackdown by emailing and mailing warnings to more than 75,000 people suspected of using “DDoS-for-hire” services, a move aimed not just at arrests but at deterring future attacks before they happen.
Europol coordinated the operation against services that let customers launch distributed denial-of-service attacks without needing deep hacking skills or their own infrastructure.
Europol said the action week also led to four arrests, the takedown of 53 domains, and 25 search warrants across participating countries.
A crackdown aimed at both operators and customers
The most striking part of the operation was not only the infrastructure seizure but the decision to directly contact suspected users.
TechCrunch reported that law enforcement sent warning emails and letters to more than 75,000 alleged cybercriminals who had paid for or registered with these booter services.
Europol said investigators were able to identify those users after raiding and seizing servers tied to the platforms, gaining access to their databases and registered account information.
That approach suggests police are trying to widen the pressure beyond the handful of people who run the services.
DDoS-for-hire platforms, sometimes called booter or stresser services, are built to make disruption easy for customers who may have little or no technical expertise.
Europol said these services allow users to launch attacks against targeted websites, servers, or networks, and that their infrastructure includes servers, databases, and other technical components that make paid DDoS activity possible.
The operation was broader than a single-country takedown
Europol said the action involved 21 countries, including several in Europe as well as the United States, the United Kingdom, Australia, Japan, Brazil, and Thailand.
TechCrunch described the effort as a coalition of global law enforcement agencies, while Europol said the operation combined both enforcement and prevention measures during a coordinated action week beginning on April 13.
The wider scale matters because DDoS-for-hire services are often resilient, moving across hosting providers, jurisdictions, and domains when pressure builds.
Europol’s statement said that “leading up to the action week,” authorities carried out operational sprints targeting “high-value target users” and dismantling technical infrastructure that supported illegal DDoS activity.
That makes this look less like a one-day takedown and more like a structured international campaign.
Why police are focusing on DDoS-for-hire again
DDoS attacks remain attractive because they are disruptive and relatively easy to commission. These attacks can knock websites offline and remain “relatively common” partly because for-hire services lower the barrier to entry. Last year Cloudflare mitigated what it called the largest DDoS attack to date, peaking at 29.7 terabits per second.
That helps explain why police are now targeting not only service operators but also the customers fueling demand. By warning 75,000 suspected users directly, Europol appears to be sending a message that buying access to an attack can carry consequences even if the buyer never writes a line of malicious code.
A warning campaign, not just a takedown
The larger message from the operation is that cybercrime enforcement is becoming more preventive as well as punitive.
Rather than waiting only for major attacks or focusing solely on the top operators, European police and their partners are trying to interrupt the ecosystem from both ends: seize the services, arrest some suspects, and warn thousands of would-be users that they have been identified.
In that sense, the emails themselves may be one of the most important parts of the operation.
They turn what is often treated as low-risk “for hire” disruption into something much more personal: a notice from police telling recipients to stop.
