Mumsnet founder 'swatted by misogynist griefers'
@DadSecurity creep responsible for DDoS... and swatting?
Update Mumsnet founder Justine Roberts and another user were both targeted in swatting attacks at the apex of a series of hack attacks that may have led to the compromise of user logins at the high-profile, UK-based parenting site.
Swatting involves making an emergency call to the police claiming that a crime is taking place at the house of the intended victim, in order to get them to send an armed response team to the address. Phone numbers are generally spoofed in order to carry out the dangerous and illegal tactic, which has been used by black hat hackers in various scenarios for years.
Roberts fell victim to just such an attack in the middle of the night last week as part of an escalating series of varied assaults that began around a week ago, initially with DDoS attacks against the Mumsnet parenting site.
Unknown individuals behind a Twitter profile, @DadSecurity, claimed responsibility for the initial DDoS. Mumsnet suspects that the same group is also behind the swatting attack against Roberts and another Mumsnet user, as well as the redirection of Mumsnet's homepage to the @DadSecurity Twitter profile page (the account was suspended as of Tuesday evening).
The appearance of rogue posts on Mumsnet user forums over the weekend fuelled concerns that hackers had got hold of some users' passwords, possibly through a phishing attack. Mumsnet passwords have been reset as a precaution.
"We have no way of knowing how many Mumsnetters were affected. So far we have evidence of 11 user accounts being hacked, but it's an ongoing investigation," a post on the incident to Mumsnet forums explains. "Those users have been informed, and their passwords have been reset. We think it prudent, however, that everyone reset their passwords."
Armed with a password and login, a hacker would have been able to see the data on Mumsnetters' profiles – email addresses, Mumsnet inbox, and users' postcode (if supplied to the site in the first place).
Mumsnet does not think the breach leaked data subsequently used to swat victims. "We don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses," it said.
@DadSecurity stands accused of a hacking rampage fuelled by deep contempt of Mumsnet and alleged misogyny. ®
Mumsnet has published a timeline showing the sequence of the events and their consequences.
It also confrmed that the DDoS attacks on the site had been reported to the police's National Fraud Intelligence Bureau.