DDoS Attack Shuts Down Parenting Website Mumsnet

Armed police also attend Mumsnet founder’s home following a ‘swatting attack’. Oh, and the website’s been hacked, too

Popular parenting forum Mumsnet has been targeted by a creepy cyber criminal who temporarily shut the website down.

The website went offline last week after someone calling themself @DadSecurity overloaded the website’s server, said Justine Roberts, who founded Mumsnet in 2000.

DDoS attack

Roberts said: “On the night of Tuesday 11 August, Mumsnet came under attack from what’s known as a denial of service (DDoS) attack.

DDoS“Our servers were bombarded with requests, which required our Internet service provider to massively increase server capacity to cope.

“We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets, ‘Now is the start of something wonderful’, ‘RIP Mumsnet’, ‘Nothing will be normal anymore’ and ‘Our DDoS attacks are keeping you offline’.”

Roberts also alleged that those responsible called in a report to the Metropolitan Police, claiming an armed man had been spotted outside her home.

This, Roberts said, led to armed police visiting her property in the early hours of August 12. Another Mumsnet user has been similarly targeted, when police were informed that gunshots had been heard at her home, according to Roberts.

This is a malicious technique gaining popularity in the US, dubbed a ‘swatting attack’ in relation to the SWAT teams (armed police) that have to respond to such incidents.

Roberts said: “Police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up.

“It’s worth saying that we don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.”

Mumsnet is reviewing its security and has asked all users to change their passwords.

UPDATE:

Mumsnet statement

“@DadSecurity also claimed that he had access to Mumsnet user data. Later on 12 August, it became apparent that someone/ones had hacked into some of Mumsnet’s administrative functions, at which point they were able to redirect our homepage to the @DadSecurity Twitter profile page, as well as to edit posts from two users’ account and an MNHQ account on our forums.

“Someone claiming to be the hacker also posted on the thread on which users were discussing the site outage. We immediately locked down all access to our admin functions and reported the attack to the police. We were confident that users’ passwords had not been accessed, because MNHQ doesn’t hold them as plain text; they’re all encrypted, so that no one – not even us – can see them.

“However, over the weekend, a user reported that posts had been made under her name, which weren’t by her, and we spotted two other cases where this had happened. This clearly suggested that the hacker had nonetheless been able to get hold of some users’ passwords.

“Our best guess at this stage (and it is just a best guess) is that this has been done via a form of phishing, in which the hacker creates a fake Mumsnet login page to which users are directed when clicking on our login button. The page would have had a different url but otherwise would look just like the usual page. The hacker would have been able to see passwords in plain text when they were typed in.”

Find out how to protect your website from a DDoS attack here!

Are you all clued up on hacking and viruses? Try our quiz to find out!