September 8, 2015
A major website in the United Kingdom was hit with a distributed denial of service attack, followed up with a hoax call summoning police to the home of a top executive. The attackers claim that the site’s users hate fathers.
Justine Roberts, cofounder of UK peer-to-peer parenting site Mumsnet, has been the subject of a vicious Web attack and is probably not sleeping easily these days. Police officers showed up at her house, knocking on the door with weapons drawn, in response to a call that someone was running around the property with a gun.
The hoax call, an act of criminal mischief called “swatting,” was started by the people behind the Twitter name @DadSecurity, the soapbox for a group (a branch of Anonymous) who said that they were perpetrating a distributed denial of service (DDoS) deluge against the website so that customers could not use it.
Roberts, who is the website’s CEO, explained in a post on its blog that Mumsnet had undergone the DDoS attack starting late on August 11. The company’s servers were hit with a massive volume of requests, as is the nature of DDoS, so the amount of resources required to keep the site online shot through the roof. The site went down until the following morning, when it was successfully up and running – having seemingly rooted out the problem.
While the website was struggling to stay alive, the Twitter user @DadSecurity said it was behind the assault, announcing http://thenextweb.com/insider/2015/08/19/armed-police-turn-up-at-mumsnet-co-founders-house-after-ddos-and-swatting-attacks/ in various posts on Twitter, “Now is the start of something wonderful … RIP Mumsnet … Nothing will be normal anymore … Our DDoS attacks are keeping you offline.” (This was not one lone actor but a team of people, as indicated below.)
Unfortunately, the problem wasn’t just that they were behind the IT attack and false-emergency swatting. They also said that they had administrative control over the site, which was at least partially true. They sent people who were trying to visit Mumsnet to the Twitter page of @DadSecurity and edited posts from the accounts of users.
The company responded immediately by shutting down the ability to get into the site’s administration panels. They also called the police. They were glad they had invested in protections for user data, explained Roberts. “We were confident that users’ passwords had not been accessed, because MNHQ doesn’t hold them as plain text,” she said. “[T]hey’re all encrypted, so that no one – not even us – can see them.”
Even though Mumsnet took what it thought to be extreme defensive maneuvers, users continued to have problems for the next few days, with posts being created from several people’s accounts by intruders.
The company believes that the false posts occurred because of phishing emails that fraudulently populated a sham Mumsnet login screen, instructing recipients to update their passwords for security (and that was actually sending that password information to the attackers so that they could access the accounts).
DadSec, which is a branch of Anonymous that advocates for fathers, said that they attacked Mumsnet for what they viewed to be a general anti-father attitude in the community.
It is not immediately clear why the swatting attack by DadSec, aka DadSecurity, was aimed at Justine Roberts while the company’s other cofounder, Carrie Longton, was spared.
The UK’s Mirror newspaper spoke with a man from the United States who said that he was part of the Anonymous subgroup that includes more than 100 people.
“[M]y politics are very much involved in this raid,” said http://www.mirror.co.uk/news/technology-science/technology/mumsnet-hacker-speaks-out-we-6285082 the supposed DadSecurity representative. “We have seen a lot of anti-father hate written by Mumsnet members, so we decided to launch an attack.”
The hacker interviewed by the Mirror said that he did not have children. Some members of the group are thought to be in ongoing custody disputes with ex-wives.
Roberts responded that the idea of Mumsnet being anti-father was ludicrous, that the site was fundamentally about spreading information to parents, regardless their sex. She did note that most of the people who used the site were women just based on interest in the subject matter.
“Our site offers a space where largely women speak freely about the issues that matter to them and offer advice and support to each other,” she said. “We’ve found that some mens’ groups in particular seem to have a problem with that.”
It is believed the idea to go after Mumsnet was hatched on 4Chan, a common gathering-place for hackers.
Along with the DDoS attack, swatting, and false comments, DadSec also hijacked the Twitter account of a UK government worker and father, using it to spread their message.
Do you need sophisticated DDoS protection? Nexusguard DDoS+ Protection provides comprehensive, professional and cost-effective protection against the most potent denial of service attacks. Get Started. https://www.nexusguard.com/services/ddos-protection.php
