Mumsnet DDoSed, SWATted, hacked – oh, and change your password, too!

Popular and successful UK website Mumsnet is in the news again.

Mumsnet is a community-oriented site that aims to make parents’ lives easier by pooling knowledge, advice and support.

The site is forthright, though hardly outspoken, on many issues: it won’t take web ads from payday loan companies; it actively opposes companies whose marketing of infant formula it considers too aggressive; and has campaigned with some success, for example against the commercialisation and sexualisation of childhood.

Sadly, this time, things got personal, with both Justine Roberts, the site’s founder, and another Mumsnet user apparently targeted in SWATting attacks.

SWAT is short for Special Weapons and Tactics, and the acronym comes from the United States.

It refers to a specially-trained law enforcement team who step up to deal with situations where a dangerous and potentially lethal confrontation is considered likely.

In contrast, SWATting is the odious behaviour of calling the emergency services and lying in order to create the impression of just such a situation, for example by falsely claiming to have seen armed intruders entering a property.

SWATters may even claim to be in the middle of a hostage situation themselves, giving the address of a person whose life they want not only to disrupt but also to put in harm’s way.

SWAT teams can’t easily ignore hoax calls of this sort, especially if the caller is able to forge the Calling Line Identification (usually known as CLI or Caller ID) signal from their telephone to make it look as though the proposed victim were on the line.

In the UK, where policemen on the beat are not usually issued with “deadly force” weapons, any situation where firearms are known to have
been used, or are considered likely, will usually require the attention of an armed response team.

The armed response team is trained in the use of firearms, and authorised to carry them.

According to Roberts, writing on Mumsnet yesterday:

Site attacks, hackergate and resetting passwords - here's what we know, what we're doing about it and what we think you should do. PLEASE READ!

. . .

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to "prepare to be swatted by the best" in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses. The police are investigating both instances.

As well as two SWATtings, Roberts also reports that the Mumsnet site was hit with a Distributed Denial of Service (DDoS) attack, during which it was deliberately flooded with purposeless traffic aimed at keeping legitimate users from browsing the site.

The same Twitter account, @DadSecurity, apparently claimed responsibility with tweets containing boasts such as “Now is the start of something wonderful”, “RIP Mumsnet”, “Nothing will be normal anymore” and “Our DDoS attacks are keeping you offline.”

Lastly, Roberts admitted that an intruder seemed to have got access to some of the administration functions on the Mumsnet site.

Even though the access acquired by the hacker was limited, Mumsnet has reset everyone’s password.

That means you will need to do a password reset to get back onto the site.

What to do?

Mumsnet’s own advice is as follows:

  • DO reset your Mumsnet password
  • DO make passwords really strong to reduce the risk of them being guessed
  • DO check the URL of any login page to reduce risk of phishing
  • DO verify that https:// is being used on login pages
  • DO use social logins to avoid typing passwords
  • DON’T give out information to any organisations without verifying they are who they say they are

We’ll add three caveats here.

Firstly, if you use “social logins” in order to connect to Mumsnet (or any other site), you will inevitably end up logged in to Mumsnet and your favourite social network at the same time, so please make sure that’s what you want.

We prefer to have individual logins for each “social site” we use, so that we can log in and out of each one independently.

Secondly, when you set out to verify an organisation, whether by email, web or phone, be very careful that you don’t accidentally rely on information that came from the source you are trying to verify.

For example, don’t return a call to a company number given in an email, or even in a phone call. Find an independent source, such as an advert in a newspaper or a contract or invoice that you know came from the company concerned.

Thirdly, be aware that with all Mumsnet users busily resetting their passwords, there will be a lot of “password reset” emails flying around.

Be especially sure to apply all the advice given above when you receive your own password reset email: you could easily receive a bogus email that is believable because it just happens to coincide with the time you clicked that [Request reset] button!

Leave a Reply