If you thought SWATting – a situation in which armed law enforcement officers such as those in American Special Weapons And Tactics teams – are drawn to an unsuspecting victim’s address by a hoax call was a US thing, reserved for only the most well-known celebrities within the infosec profession, think again.
You don’t need to be Brian Krebs to find yourself on the wrong end of a gun.
Nor do you need to be living in the US it seems.
In a double-whammy reminiscent of Krebs’ experience, Justine Roberts found her hugely popular Mumsnet site knocked off line at around the same time armed officers from the Metropolitan police paid her UK address a visit.
In the first incident, Roberts saw her 7.7 million member site crippled by a DDoS attack reportedly launched by whoever hides behind the now-suspended @DadSecurity Twitter account (if he or she thinks they can’t be caught because they are a hacker, they ought to think again).
In the second, Roberts herself received an unexpected call after someone dialled 999 and said a gunman had been spotted near her home.
Not content with attacks against both Mumsnet and its founder, the alleged attacker then went after another member.
In an email sent to members of the site, Roberts explained:
An armed response team turned up at my house last week in the middle of the night, after reports of an armed man prowling around.
A Mumsnet user who engaged with @DadSecurity on Twitter was warned to ‘prepare to be swatted by the best’ in a tweet that included a picture of a swat team, after which police arrived at her house in the middle of the night following a report of gunshots.
Needless to say, she and her young family were pretty shaken up.
Interestingly, Roberts told Mumsnet subscribers that home addresses were not likely to have been found via the site as “we don’t collect addresses”.
She also said she remained confident that passwords had not been accessed following the 11-12 August DDoS attack (they may well have been last year following Heartbleed though) but offered the following sound advice out as good measure:
DO reset your Mumsnet password
DO make passwords really strong to reduce the risk of them being guessed
DO check the URL of any login page to reduce risk of phishing
DO verify that https:// is being used on login pages
DO use social login to avoid typing passwords
DON’T give out information to any organisations without verifying they are who they say they are
Instead, it appears the hacker may well have acquired data by phishing for it via a fake login page which ultimately may have led to as many as 11 accounts becoming compromised.
So what can we learn from this story?
Several things it seems –
- Swatting has just become a ‘thing’ here in the UK
- Even a big site like Mumsnet – which has 14 million+ visitors per month – can be susceptible to a DDoS attack
- Phishing is still rife and people do fall for fake login pages
- A determined hacker will find a way to attack you or your site, even more so if you make it easy for them
- There are some pretty messed up people out there
What have you done to defend yourself, your website and your business from those who would do you harm, or at least put you in harm’s way?