Behind the romanticised image of the hacker – capable of disrupting government services or businesses through denial-of-service attacks – lies a cybercrime economy. In an operation carried out in Luxembourg as well, Europol has issued warnings to 75,000 individuals. Photo: Shutterstock

Behind the romanticised image of the hacker – capable of disrupting government services or businesses through denial-of-service attacks – lies a cybercrime economy. In an operation carried out in Luxembourg as well, Europol has issued warnings to 75,000 individuals. Photo: Shutterstock

Behind Operation PowerOFF, led by Europol across 21 countries including Luxembourg, the authorities are targeting a little-known reality: thousands of users, often inexperienced, are launching cyberattacks with just a few clicks via easily accessible platforms. Between the normalisation of such attacks, ease of access and the risk of criminal prosecution, we take a closer look at the economics of DDoS attacks.

Over 75,000 people identified, four arrests, dozens of websites shut down. Behind the figures released by Europol as part of Operation PowerOFF, one reality stands out: cyberattacks are no longer the preserve of experts. They have become industrialised, simplified and, above all, democratised. At the heart of this development are so-called “DDoS-for-hire” services. Their promise is simple: to enable anyone, without any particular technical expertise, to launch a cyberattack against a website or online service. For a few euros, sometimes paid in cryptocurrency, a user can choose a target, set the duration of the attack and simply click a button.

In practical terms, a DDoS attack – which stands for “distributed denial of service” – involves flooding a website or server with a massive volume of requests. Thousands, and sometimes millions, of computers simultaneously target the same system, which eventually becomes overloaded and inaccessible. For the average user, this means a website that won’t load, an unavailable service or a blocked platform.

These attacks often rely on networks of compromised machines, known as “botnets”, but DDoS-for-hire platforms hide all this complexity. They offer a simplified interface, much like a standard online service. “Launching an attack” then becomes as simple as ordering a product or booking a ticket.

More and more “hackers” with no skills

It is precisely this ease of use that is causing concern among the authorities. Europol points out that many of the users identified have “limited technical skills”. Some are drawn in by curiosity, others by a sense of challenge or to settle personal disputes online, particularly in environments such as gaming. Still others seek financial gain by disrupting a competitor or engaging in some form of extortion. The profile of these users is therefore a far cry from the traditional image of a hacker. They are often young adults, or even teenagers, who follow tutorials available online and use off-the-shelf tools. The act itself can be swift, almost routine, without always considering the legal consequences.

This is precisely what is at stake in the current phase of Operation PowerOFF. Beyond the arrests and seizures of infrastructure, the authorities are seeking to send a clear message: using these services remains a criminal offence. The 75,000 warning messages sent out are specifically aimed at reaching this “grey” demographic, straddling the line between curiosity and criminality.

At the same time, law enforcement agencies have turned their attention to the technical infrastructure. “Booter” services – platforms that sell attacks on demand – rely on complex infrastructure: servers, databases and botnets. Taking them down not only stops ongoing attacks, but also enables the recovery of valuable user data.

According to Europol, analysis of these databases has enabled the identification of more than three million accounts linked to these services. This wealth of information is now feeding into investigations in several countries, including Luxembourg, which is involved through the cybercrime unit of the Judicial Police. The strategy is no longer limited to law enforcement. The authorities are now focusing on prevention, right where these practices are emerging. Targeted messages appear in search engines when internet users search for DDoS tools. Websites offering these services are being delisted. Even the blockchains used for payments are subject to warning messages.

This approach marks a paradigm shift. DDoS attacks are no longer merely a threat posed by organised groups, but an accessible, almost commonplace tool within certain online communities. It is precisely this normalisation that the authorities are now seeking to curb. For behind the apparent simplicity of these attacks, the impacts remain very real: economic losses for businesses, disruption to essential services, and a breach of trust in digital infrastructure. And for those who engage in such attacks, even occasionally, the risk is now clearly identified: that of slipping, sometimes without being fully aware of it, into cybercrime.

Related articles

Three years to react “firmly”, in the modern world, is too slow. That’s what yesterday’s European sanctions against a number of Chinese and Iranian entities illustrate. (Illustration photo: Shutterstock)
JUSTICE

EU sanctions Chinese hackers... identified for three years

Thierry Labro 17.03.2026
A giant blackout hit Post and the entire grand duchy, from mid-afternoon until late into the night. Archive photo: Maison Moderne
POLITICS

Post outage: the shadow of pro-Russian hackers

Thierry Labro 24.07.2025
According to one study, 78 of the 187 average applications used by companies in their customer network are used outside the IT department’s security instructions and protocols. Photo: Shutterstock
TECHNOLOGY

“Shadow IT” putting companies at risk

Thierry Labro 06.12.2024