Support 100 years of independent journalism.

  1. Science & Tech
18 August 2015updated 19 Aug 2015 9:35am

A troll hacked Mumsnet and sent armed police to founder’s house

An anonymous Twitter user has claimed responsibility for an attack on the site last week and two police callouts to Mumsnetters' homes -  but no one knows why they did it. 

By Barbara Speed

What’s to hate about Mumsnet? The site is the UK’s largest forum for, you guessed it, mums (and parents in general) who come to it to discuss everything from childcare to finances and health. But last week, the site went under completely after an attack from an anonymous user. 

According to a post from founder Justine Roberts on the site today, the site went offline last Tuesday following a denial of service (DDoS) attack, a common tactic used to take down a website by bombarding its servers with access requests. 

A Twitter user, “@DadSecurity” (which suggests the user was male), was quick to claim credit for the attack. The account has now been removed, but the Mumsnet post reports that @DadSecurity tweeted “RIP Mumsnet”, “Nothing will be normal anymore”, and “Our DDoS attacks are keeping you offline” during the attacks. On Twitter, other users were mostly bemused: “What’s the agenda? Why parenting site?” asked one, while another predicted @DadSecurity would never make it into hacking collective Anonymous by “picking on a site which supports and helps”. 

The trouble didn’t end there. Roberts also says in the blogpost that she believes the same user “Swatted” both her and a Mumsnet user – a practice through which trolls report a crime at a victim’s house to police, so they’re visited by an armed response team. Here’s what she says happened: 

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to “prepare to be swatted by the best” in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It’s worth saying that we don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.”

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. A weekly newsletter helping you fit together the pieces of the global economic slowdown. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.

This is particularly mysterious as Mumsnet doesn’t collect users’ home addresses, so it’s unclear how @DadSecurity (or whoever the swatter was) traced both women. 

Content from our partners
Small businesses can be the backbone of our national recovery
Railways must adapt to how we live now
“I learn something new on every trip"

Roberts also warned that some user passwords were compromised during the attack, despite the fact that the site encrypted them. It’s possible that the hacker created a “phishing page”, a fake login page which pops up when users click the “login” button and harvests their details. The site has reset all user passwords so any collected by the hacker will now be useless.

Update 19/8:

Late last night, 3,000 Mumsnet passwords were posted on 4Chan, an online forum, so users should make sure to change their passwords to any other accounts which used the same login or password.

We also spoke to Justine Roberts this morning, who says that the site has been attacked in the past by men keen to undermine a female-dominated space:

Mumsnet has periodically come under attack from a mixture of people who think it’s quite amusing, in a sort of “let’s upset our mother” kind of way, and people with a more sinister agenda for attacking a female-dominated space on the internet – for whatever reason they’re not overly keen on women interacting and supporting each other.

It’s upsetting and irritating but also very sad. Mumsnet is the sort of site where people are getting an awful lot of support form each other, and some of our users are in quite serious situations. It’s a shame that those are the people being targetted when there are some truly evil people in the world you could spend your energy targetting.”

She also says that either @DadSecurity or one of his followers tweeted that Mumsnet users should get “back to the kitchen” during last week’s attacks, though the Tweet is no longer visible. @DadSecurity’s account was removed from Twitter, though Roberts says the user has surfaced again under a new handle: “We have reason to believe they are still active, and the police haven’t found them yet.” 

Fathers For Justice has accused Mumsnet of an “anti-male agenda” in the past, and while there’s no evidence that the attack is linked to the group, the use of “Dad” in @DadSecurity’s Twitter handle implies that the user may share the organisation’s views.