Anyone with money could log on, pay a fee, and watch the attack unfold
In the quiet architecture of the internet's underworld, Brazilian federal authorities moved this week to dismantle a network that had turned cyberattacks into a commodity — no expertise required, only payment. Across São Paulo, Rio de Janeiro, and Santa Catarina, the Federal Police executed warrants against those who built and sold distributed denial-of-service attacks targeting the very institutions meant to protect the public order. With FBI support, the operation exposed not merely a local criminal enterprise, but a global marketplace where the barriers between intent and destruction have all but disappeared. The case asks a question that will outlast any single arrest: what does security mean when disruption can be purchased like any other service?
- Brazilian federal agencies — including the Federal Police itself and the Army's telecommunications center — were paying customers of chaos, targeted by attacks their own institutions were meant to prevent.
- The criminal platforms required no technical knowledge from buyers: select a target, pay a fee, and the attack begins — turning sophisticated cyberwarfare into a point-and-click transaction.
- Infrastructure scattered across cloud servers in multiple countries made the network deliberately elusive, its reach extending far beyond Brazil's borders into a global market for digital disruption.
- Four search warrants and two arrest orders across three states signal a deliberate shift in strategy — authorities are now pursuing the entire supply chain, from platform builders to paying clients.
- Suspects face charges of criminal association and disruption of public utility services, as investigators work to map the full scope of attacks dating back to 2018.
On a Wednesday morning, Brazilian federal police moved simultaneously across three states — São Paulo, Rio de Janeiro, and Santa Catarina — to dismantle a criminal network that had been selling cyberattacks as a service. The targets of those attacks were not incidental: they included the Federal Police itself, the Army's integrated telecommunications center, and Serpro and Dataprev, the agencies that form the digital backbone of the Brazilian state.
What made the network especially troubling was its simplicity. Operating under names like booters and stressers, the platforms offered distributed denial-of-service attacks — floods of malicious traffic designed to crash websites and knock services offline — to anyone willing to pay. No technical knowledge was required. The service was purely transactional, with no vetting of customers and no questions about intent. Significant attacks against federal institutions had been traced back to 2018 and 2020.
The infrastructure was deliberately dispersed across cloud servers in multiple countries, complicating efforts to trace and shut it down. The investigation, conducted with support from the FBI, revealed the global scale of this marketplace and how casually it operated. Authorities identified two categories of suspects: those who built and maintained the platforms, and those who contracted specific attacks. Both now face serious federal charges.
What the case ultimately reveals is a portrait of cybercrime as a mature service industry — one in which expertise has been replaced by affordability, and in which the distance between motive and destruction has collapsed to the length of a payment form.
On Wednesday morning, federal police in Brazil moved against a criminal operation that had been selling hacking services to anyone willing to pay. The network's targets were not random—they included the Federal Police itself, the Army's integrated telecommunications center, and critical government technology agencies. The operation unfolded across three states: São Paulo, Rio de Janeiro, and Santa Catarina, with four search warrants and two temporary arrest orders issued by the courts.
The criminal group's business model was straightforward and efficient. They ran illegal platforms that offered what are known as DDoS attacks—distributed denial-of-service strikes that flood a website or online service with malicious traffic until it crashes or becomes unusable. What made this network particularly dangerous was its accessibility. You did not need to be a skilled programmer or understand the technical details of how these attacks worked. Anyone with money could log on, select a target, pay a fee, and watch the attack unfold. The platforms operated under names like booters and stressers, terms that have become common in the underground economy of cybercrime.
The infrastructure behind these services was distributed across cloud servers in multiple countries, making it difficult to trace and shut down. This global dispersal meant that the same platforms being used to attack Brazilian government agencies were available to criminals and activists worldwide. The investigation, which received support from the FBI, revealed the scale of this marketplace and how casually it operated. There was no vetting of customers, no questions asked about intent. The service was purely transactional.
Among the most significant attacks the network had facilitated were strikes against the Federal Police in 2020, the Serpro agency responsible for government digital infrastructure, Dataprev, and the Army's telecommunications center in 2018. These were not peripheral targets. They were the systems that hold the country's digital backbone together. Each successful attack meant hours or days of disruption, lost productivity, and potential exposure of sensitive information.
The police identified two categories of suspects: those who built and maintained the illegal platforms, and those who hired them to carry out specific attacks. Both groups now face charges of criminal association and disruption of public utility services—serious federal crimes. The operation signals a shift in how Brazilian authorities are approaching cybercrime, moving beyond reactive defense to proactive investigation of the entire supply chain, from the vendors offering the services to the customers purchasing them.
What emerges from this case is a portrait of modern cybercrime as a service industry. The technical barrier to entry has collapsed. Expertise is no longer required. All that remains is motive and money, and the platforms make it trivially easy to connect the two. The investigation suggests this is not a localized problem but a global one, with Brazilian government agencies caught in the crossfire of a worldwide market in digital disruption.
Citas Notables
The platforms allowed any person, even without technical knowledge, to contract attacks by making a payment— Federal Police statement
La Conversación del Hearth Otra perspectiva de la historia
Why target government sites specifically? What's the advantage for the attackers?
It's partly about impact and partly about proving capability. A successful attack on the Federal Police or the Army demonstrates that the service actually works. It builds reputation in the underground market. But there's also a political dimension—some clients may want to embarrass the government or test its defenses.
How much would someone actually pay for one of these attacks?
The source doesn't specify prices, but DDoS-for-hire services are typically cheap—anywhere from a few dollars to a few hundred, depending on the target's size and the duration of the attack. That's what makes it so accessible. It's not a luxury service.
The platforms were hosted in multiple countries. Does that mean Brazilian police can't actually shut them down?
Not entirely. They can arrest the people running the platforms and the people paying for attacks. But the infrastructure itself, scattered across cloud servers globally, is harder to eliminate. That's why the FBI was involved—international coordination is necessary.
What happens to someone who gets caught hiring one of these attacks?
They face federal charges for disrupting a public utility service. It's not a minor offense. The penalties can include prison time and fines. The police are treating this as serious crime, not just mischief.
Is this operation likely to actually stop the attacks, or just slow them down?
Probably slow them down. The underlying demand exists—there are always people who want to disrupt government systems. But removing the operators and publicizing the investigation raises the risk and cost of using these services. Some customers will think twice.