Police warn users of Crime-as-Services – ‘DDossing’ is a criminal offence

As part of the international operation PowerOFF, Finnish police have shut down websites offering unlawful booter and stresser services. The operation also affected hundreds of users in Finland.

The Operation PowerOFF targets criminal tools available on the open web. Since it was launched in 2018, the international joint operation has seen law enforcement agencies around the world seize and take down websites offering Crime-as-a-Services. The operation also brings both service operators and users to face criminal investigation and preventive action. The joint operation is led by the Federal Bureau of Investigation, and in Europe, it is coordinated by Europol.

In the first two stages of the operation, foreign authorities seized 63 websites, which were the most widely used booter services in a global scale. Booters are online stress-testing services that are used in carrying out denial-of-service attacks. The cracked-down services include, for example, Ipstresser, Stresserapp and Bootyou. The seizures conducted abroad have led to criminal investigations, and charges have been brought against the website administrators. The international police operation also revealed that hundreds of users from Finland had been signed-in to these services.

Targeted warning message to users

As part of the joint operation, law enforcement agencies in participating countries are contacting users of the taken-down services with a targeted warning message delivered by email or letter. The National Bureau of Investigation will contact users signed-in from Finland by email. The warning message will inform the users that they have been signed-in a site offering unlawful services and that the site has since been seized by the police. The user will be warned about the site's unlawful nature instructing them to stop using the service, as well as to delete any data and remove any software downloaded for this purpose from their devices. 

Through this targeted outreach, the police aim to remind everyone that using booter or stresser services is unlawful. Websites offering these services may claim to sell legitimate products for cybersecurity testing. In reality, however, these services provide unlawful tools that enable launching DDoS attacks from anywhere to anywhere in the world. 

– In the attacks, booter services take advantage of unlawfully hijacked devices. Criminals have typically taken over the devices through data breaches. The user might not even be able to tell in advance what the real impact of the attack will be, and the actual damage caused could come as a surprise to the attacker as well, explains Senior Detective Superintendent Mikko Rauhamaa of the National Bureau of Investigation. 

Carrying out a DDoS attack is a criminal offence

The police take cybercrime seriously. Carrying out a DDoS attack is a criminal offence under the law. It may have far-reaching consequences for both the attacker and the victim. The criminal act could meet, for example, essential elements of interference with a computer system or interference of communications. 

– DDoS attacks are usually considered relatively harmless, as so-called digital traffic jams. In the worst-case scenario, they could cause significant harm to individuals or businesses, and even disrupt critical functions, such as the operations of emergency services, says Rauhamaa.

DDoS attacks cause a major headache for organisations. Defending against cyberattacks often requires taking extensive and costly protective measures. Fixing a disrupted online service can take a significant amount of time and resources. Consumers may notice DDoS attacks when everyday services, such as online banking or payment terminals in stores, do not work. Unfortunately, booter services are quite commonly used, particularly among young people. For example, 'dossing' on gaming platforms could very well be their first introduction to cybercrime. The police remind that any attack carried out using automated tools is also a criminal offence. 

Those who receive the warning message are not currently suspected of any criminal offence, and the email will not require any further action. If they prefer, they may contact the National Bureau of Investigation at poweroff.krp@poliisi.fi for further information.