What’s to hate about Mumsnet? The site is the UK’s largest forum for, you guessed it, mums (and parents in general) who come to it to discuss everything from childcare to finances and health. But last week, the site went under completely after an attack from an anonymous user.
According to a post from founder Justine Roberts on the site today, the site went offline last Tuesday following a denial of service (DDoS) attack, a common tactic used to take down a website by bombarding its servers with access requests.
A Twitter user, “@DadSecurity” (which suggests the user was male), was quick to claim credit for the attack. The account has now been removed, but the Mumsnet post reports that @DadSecurity tweeted “RIP Mumsnet”, “Nothing will be normal anymore”, and “Our DDoS attacks are keeping you offline” during the attacks. On Twitter, other users were mostly bemused: “What’s the agenda? Why parenting site?” asked one, while another predicted @DadSecurity would never make it into hacking collective Anonymous by “picking on a site which supports and helps”.
The trouble didn’t end there. Roberts also says in the blogpost that she believes the same user “Swatted” both her and a Mumsnet user – a practice through which trolls report a crime at a victim’s house to police, so they’re visited by an armed response team. Here’s what she says happened:
An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to “prepare to be swatted by the best” in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It’s worth saying that we don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.”
This is particularly mysterious as Mumsnet doesn’t collect users’ home addresses, so it’s unclear how @DadSecurity (or whoever the swatter was) traced both women.
Roberts also warned that some user passwords were compromised during the attack, despite the fact that the site encrypted them. It’s possible that the hacker created a “phishing page”, a fake login page which pops up when users click the “login” button and harvests their details. The site has reset all user passwords so any collected by the hacker will now be useless.
Late last night, 3,000 Mumsnet passwords were posted on 4Chan, an online forum, so users should make sure to change their passwords to any other accounts which used the same login or password.
We also spoke to Justine Roberts this morning, who says that the site has been attacked in the past by men keen to undermine a female-dominated space:
Mumsnet has periodically come under attack from a mixture of people who think it’s quite amusing, in a sort of “let’s upset our mother” kind of way, and people with a more sinister agenda for attacking a female-dominated space on the internet – for whatever reason they’re not overly keen on women interacting and supporting each other.
It’s upsetting and irritating but also very sad. Mumsnet is the sort of site where people are getting an awful lot of support form each other, and some of our users are in quite serious situations. It’s a shame that those are the people being targetted when there are some truly evil people in the world you could spend your energy targetting.”
She also says that either @DadSecurity or one of his followers tweeted that Mumsnet users should get “back to the kitchen” during last week’s attacks, though the Tweet is no longer visible. @DadSecurity’s account was removed from Twitter, though Roberts says the user has surfaced again under a new handle: “We have reason to believe they are still active, and the police haven’t found them yet.”
Fathers For Justice has accused Mumsnet of an “anti-male agenda” in the past, and while there’s no evidence that the attack is linked to the group, the use of “Dad” in @DadSecurity’s Twitter handle implies that the user may share the organisation’s views.