What Happened to lina (The Hacker Who Accidentally Shut Down a Police Honeypot)?
In April 2026, a hacker known as 'lina' discovered and exposed a police honeypot named Cyberzap, operated by the international law enforcement initiative Operation PowerOFF. Her detailed investigation and interaction with the fake DDoS-for-hire website led the authorities to abruptly shut down the honeypot and a related domain.
Quick Answer
As of April 29, 2026, a hacker named lina accidentally caused the shutdown of 'Cyberzap,' a police honeypot designed to trap individuals seeking DDoS-for-hire services. lina, while researching the international law enforcement initiative Operation PowerOFF, uncovered Cyberzap's true nature and her subsequent probing led the operating agencies, including the Dutch Police, FBI, and Europol, to pull the plug on the site. She documented her findings in a blog post, highlighting the honeypot's design and the police's reaction.
📊Key Facts
📅Complete Timeline11 events
Operation PowerOFF Commences
Europol's Operation PowerOFF (formerly Operation Vulcania), an international law enforcement effort to dismantle DDoS-for-hire infrastructure, begins its ongoing activities.
NCA Infiltrates Cybercrime Market with Disguised DDoS Sites
The UK's National Crime Agency (NCA), part of Operation PowerOFF, publishes an article detailing how they infiltrated the cybercrime market using disguised DDoS sites, a tactic similar to Cyberzap.
Cyberzap.fun Domain Created
The domain cyberzap.fun, later identified as a police honeypot, is created.
Cyberzap.fun Captured by Internet Archive (Empty)
The website cyberzap.fun is captured by the internet archive, but it appears to be empty at this time, suggesting it was not yet fully operational as a honeypot.
Scattered Lapsus$ Hunters Fall for Resecurity Honeypot
In a separate but related incident, the hacking collective Scattered Lapsus$ Hunters claims a breach at cybersecurity firm Resecurity, only to discover they had fallen into a sophisticated honeypot designed to expose their infrastructure.
Operation PowerOFF Coordinated Action Week
21 countries participate in a coordinated action week as part of Operation PowerOFF, focusing on enforcement and prevention against over 75,000 criminal users of DDoS-for-hire services. This leads to 4 arrests and the takedown of 53 domains.
Operation PowerOFF Announces Major Takedowns
Operation PowerOFF publicly announces the seizure of 53 DDoS domains, 4 arrests, and access to databases containing over 3 million criminal user accounts.
lina Discovers Cyberzap Honeypot
While researching Operation PowerOFF, lina discovers cyberzap.fun, a website designed to look like a DDoS-for-hire service, and begins to investigate its true nature.
lina Registers with Research Email
lina registers on Cyberzap with an email explicitly stating her research intent, 'conducting-research-hello-operation-poweroff@lina.sh'.
Police Shut Down Cyberzap Due to lina's Actions
Following lina's extensive probing and interaction with the Cyberzap honeypot, law enforcement agencies 'panic' and take cyberzap.fun and bytecannon.net offline.
lina Publishes Blog Post Detailing Incident
lina publishes a blog post on lina.sh titled 'I accidentally made law enforcement shut down their fake honeypot,' detailing her discovery, investigation, and the subsequent shutdown.
🔍Deep Dive Analysis
In late April 2026, a cybersecurity researcher operating under the moniker 'lina' gained significant attention after publicly detailing how her investigation led to the accidental shutdown of a sophisticated police honeypot. The honeypot, named 'Cyberzap' (cyberzap.fun), was part of 'Operation PowerOFF,' a large-scale international effort coordinated primarily by the Dutch Politie, alongside agencies such as the FBI, the UK National Crime Agency, and Europol. This operation aims to dismantle DDoS-for-hire services and deter cybercriminals.
lina stumbled upon Cyberzap while actively researching Operation PowerOFF's activities. The website was designed to mimic legitimate DDoS-for-hire platforms, complete with SEO-friendly meta tags, sitemaps, and a seemingly functional dashboard featuring fake network speed graphs and bot counters. However, lina quickly identified inconsistencies, notably the use of 'bit.nl' for mail servers, a known host for Dutch police operations.
Driven by curiosity and a desire to understand the honeypot's depth, lina registered on Cyberzap using a distinct email address, 'conducting-research-hello-operation-poweroff@lina.sh,' explicitly signaling her intent as a researcher rather than a malicious actor. She proceeded to interact with the site, including attempting to 'order an attack' on a humorous target. According to lina, her persistent 'digging around' and taking screenshots triggered an alarm within the law enforcement agencies.
Within a short period, the police 'panicked' and abruptly took Cyberzap offline, along with an unused related domain, bytecannon.net, which displayed the same authorization message. This swift shutdown, as described by lina, was a direct consequence of her investigative actions, effectively neutralizing the honeypot. The incident highlights the delicate balance law enforcement faces in operating covert cyber traps, as sophisticated researchers can expose their methods.
As of April 30, 2026, Cyberzap.fun and bytecannon.net remain offline. lina's blog post, published on April 29, 2026, serves as a detailed account of the incident, providing insights into the design of police honeypots and the operational security challenges they present. Operation PowerOFF, meanwhile, continues its broader mission, having recently announced the seizure of 53 DDoS domains, four arrests, and the identification of over 3 million criminal user accounts in a coordinated action week in April 2026, demonstrating its ongoing efforts despite this specific honeypot's exposure.
What If...?
Explore alternate histories. What if lina (The Hacker Who Accidentally Shut Down a Police Honeypot) made different choices?