Most people just panic and start paying Cloudflare for protection. Pretty much for the same reason that most people pay into protection rackets instead of reporting them to law enforcement, because they're afraid and their livelihood is at risk.
Cloudflare also has this wonderful policy of forwarding abuse reports (with information on who reported) to the booter site in question. You can imagine the consequences of that from what just happened to Krebs for doing reporting on them.
With or without Cloudflare in the mix, how the heck would you go about making the connection between a flood of traffic from a large number of IPs, and any particular booter site? I don't understand how taking Cloudflare out of the mix helps you stop the DDoS.
As an aside, the FBI is indeed interested in investigating large DDoS attacks. Contact your local field office to see if yours qualifies! :-)
DDoS-for-sale sites are not "free speech sites", they are for-profit criminal organizations engaging in the violent censorship of people that are too poor to afford proper DDoS mitigation or that want to control the privacy of their users by managing the SSL certs.
The booters aren't usually as powerful as these 600Gbps+ monsters, but they're quite adequate to wreck almost any network for a long time (most IP transit hookups for racks are 10Gbps or less; these attacks can be well in excess of 100Gbps), requiring you to spend exorbitant amounts of money to protect your site against what are essentially bored high schoolers with a spare $20, your competitors, or whomever. That money is then dumped back into the system, allowing the attackers to build even more sophisticated and powerful infrastructure, leading to worse attacks like the ones we're now starting to see. Krebs was one of the people to document this trend, and now his site has been censored off the net by the same people he was writing about. Why is it so surprising to everyone that he's avoiding Cloudflare?