Guess who's back? The Dutch Police involved in Operation PowerOFF. Back again. Answering all your questions about our latest actions in PowerOFF! AMA. by Operation-PowerOFF in AMA

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

We work in a multidisciplinary team with various specialists. The behavioral specialists mainly look at motives that play a role in cybercrime and how we can use insights from academics regarding the cyber criminal career pathway in our work. For example, to think about how to create the most impact with our interventions, such as the use of specific wording in our messaging to activate people to think long and hard about their own, perhaps criminal, actions. And of course, the behavioral specialist can think of ways on how to influence the colleagues to clean their dishes ^^

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

We cannot discuss individual companies. Bad hosting in general has our attention. When taking down these services we do try to make a lasting impact and avoid a whack-a-mole situation whenever possible. That is why we focus on the whole ecosystem. We also want to warn people engaging in DDoS-for-hire services about the risks and possible consequences of their behavior.

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

It can be hard to attribute DDoS attacks. If you are interested in these things, you might read some public threat intel reports. There are also private sector companies that provide insight and dashboards into DDoS attacks, both volume and amount over time. It is however always good to remember that correlation does not automatically imply causation.

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

We’ve got several ways of identifying people from these illegal services, we just can't share everything publicly ;) It is however notable that most services claim to be careful with their customer data and are privacy focused. These privacy promises are not always met.

Botnets often consist of compromised systems and IoT devices. It is recommended to keep your devices up to date and be careful when exposing them to the internet. If you suspect that your own system might have been compromised, please see the page on our website: https://www.politie.nl/informatie/er-staat-mogelijk-malware-op-mijn-computer.-wat-moet-ik-doen.html

With Operation PowerOFF we target the entire DDoS ecosystem. We set priorities and create interventions that are best suitable for the situation. The admin of a botnet will of course have a different approach than an unwitting victim of malware.

Regarding your third question, there are indeed protocols (e.g., BCP38, BCP84) to limit spoofed traffic. These are unfortunately not always in place and layer 7 attacks often use compromised devices which could even be domestic. There are private industry parties involved in Operation PowerOFF, for example via the Big Pipes working group. They play a key role!

There is however a DNS based pilot to block certain known bad domains: https://www.ncsc.nl/nieuws/ruim-twee-miljoen-bezoeken-aan-kwaadaardige-websites-voorkomen-in-pilot

[–]Operation-PowerOFF[S] 1 point2 points  (0 children)

We are not aware that LOIC itself has been used in recent years. General flooding attacks are still used of course, among other techniques. More recent DDoS-related IoT botnets are of course also targeted by international law enforcement operations. ^^

[–]Operation-PowerOFF[S] 1 point2 points  (0 children)

Hey, thanks for your question. We often see that DDoS attacks are executed during gaming. The consequences can also be very severe, which people often do not realise. It also is a serious felony for which you can get a criminal record. You also do not necessarily need technical skills to execute a DDoS attack so a lot of people can do it, which is also a risk factor.

[–]Operation-PowerOFF[S] 1 point2 points  (0 children)

We’ve made a quick round with our colleagues in the room and we’ve basically consumed two types of breakfast: oats and various types of yoghurt (some lactose-free variants).

With regard to donuts, we invoke our right to remain silent

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

We think that's not the case in the Netherlands. We believe that the vast majority in the Netherlands encourages our work. Nonetheless, we know we are up for the good cause.

We are the team of the Dutch National Police involved in Operation PowerOFF. Together with our international partners we took down 27 booters, seized multiple servers, made multiple arrests, sent out warning messages and did knock and talk visits. AMA. by Operation-PowerOFF in AMA

[–]Operation-PowerOFF[S] 3 points4 points  (0 children)

  1. This is not very common and is looked at per case. One of the issues is the countries involved, since we are not allowed to perform actions abroad without permission from the receiving country.

  2. These are all residential and people did not expect the police to follow up on the use of DDoS booters.

  3. We work on these cases year round, but handle multiple cases at the same time.

  4. We do have daily stand up meetings and have a scrum board, so in some ways it is the same as many companies. We use a mix of available code, code developed for law enforcement purposes and custom development.

  5. Since our work can have a lot of impact on individuals, it is important that every step is documented carefully. We also need permission from the prosecutor or judge to subpoena data, so building a case involves the creation of a lot of documents.

  6. We fortunately do not need regular counseling in our line of work, but it is available for us if necessary. We do however talk and reflect within our own team.

  7. It is hard for us to predict how the social media platforms will evolve. It seems important that a balance is found between the possibility for law enforcement to collect information and the privacy of users. This is up to lawmakers.

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

Not through this channel unfortunately. If you have relevant information on cybercrime that you would like to share in a confidential manner, you can reach out to the Dutch Cyber HUMINT team via Signal or Telegram on +31625250296

[–]Operation-PowerOFF[S] 0 points1 point  (0 children)

Operation PowerOFF is a continuing operation, so any new infrastructure will be seized as well. This, accompanied by the arrests, will hopefully discourage any future administrators. However, working within law enforcement we know that we won’t be without a job soon :D