Mumsnet hacked, co-founder falls victim to swatting attack

Mumsnet hacked, co-founder falls victim to swatting attack
Mumsnet hacked, co-founder falls victim to swatting attack

Mumsnet, one of the UK's most popular websites for parents, has reset its users' passwords as a precaution after suffering a series of attacks where user-data was compromised. One attack involved armed police being called out to the London home of the parenting site's co-founder.

The hacker gained access to the site's administrative functions and hijacked some accounts. There was also an attempt to force Mumsnet offline via a distributed denial of service (DDoS) attack.

A Twitter account linked to the incident, called DadSecurity, was suspended.

“According to news reports the attack peaked at 17,000 requests per second," said Igal Zeifman, senior digital strategist at Imperva. "While significant, compared to the regular amount of traffic, this is still considered a mid-sized application layer DDoS attack that could have been easily mitigated with adequate DDoS protection."

Justine Roberts, co-founder of Mumsnet, said she suffered a ‘swatting attack' last week—a harassment where a perpetrator calls the emergency services out to their victim under false pretence.

The incident occurred on Tuesday of last week at her home, although Roberts was on holiday. “The first thing I knew was when our au pair contacted us the next morning to tell us that at 3:30 am she'd been woken up and disturbed by a 'Swat' team of five armed police and three unarmed police and a police dog. They'd received a report of a man prowling round the house with a gun,” Roberts said.

She was aware of such incidents becoming more common in the US, but believed they remained relatively rare in the UK. The call was assessed as requiring a firearms response.

No suspects have been identified, but enquiries continue, according to a spokesman for the Metropolitan Police.

“It's sad, but an unfortunate sign of the times that someone, somewhere thinks it's worthwhile taking the time to carry out this sort of attack and to waste police resources in terrifying some poor family,” said Barry Scott, CTO EME, Centrify.

Roberts said the second case occurred after a Mumsnet user engaged the DadSecurity Twitter account and received a reply saying “prepare to be swatted” alongside a photo of a Swat team.

The husband was initially handcuffed when the police arrived. “The [hoax] report had said they had heard gunshots and identified a man as shooting in the house. It's incredibly disturbing and not surprising that that user and her family were very upset,” Ms Roberts said.

“RIP Mumsnet” was repeatedly posted via DadSecurity tweets, although it's now offline. Data was stolen from the site before the account was blocked.

Mumsnet has yet to determine how the hacks were carried out, but one theory is that a cross-site scripting (XSS) attack was involved. Code would have been added to Mumsnet's site to redirect the login process to computers controlled by the hacker.

“Though evidence indicates only 11 user accounts were hacked, given that the website generates some 70 million page views and over 14 million visits per month, we may only be seeing the tip of the iceberg,” said Sol Cates, CSO of Vormetric.