Mumsnet hack: Pressure group Fathers4Justice condemns cyber attack on parenting forum

Mumsnet was forced offline by a distributed denial of service (DDoS) attack launched by DadSecurity

Adam Sherwin
Wednesday 19 August 2015 15:16
The parenting website Mumsnet claims to have 1.5 million registered members
The parenting website Mumsnet claims to have 1.5 million registered members

The pressure group Fathers4Justice has condemned a cyber-attack on Mumsnet, which led to armed police being called to the home of the parenting site’s co-founder after a hacking group made a hoax call.

Fathers4Justice said it had no connection to the “swatting” attack, perpetrated by a hacking group using the Twitter name @DadSecurity, which appeared to be pursuing a misogynist agenda.

Mumsnet, which receives 14m visits a month to its parenting forum, was forced offline by a distributed denial of service (DDoS) attack launched by DadSecurity, which posted the passwords of 3,000 users online and posted Tweets including “RIP Mumsnet”.

Justine Roberts, Mumsnet co-founder, said that an armed response team turned up at her house in the middle of the night, after reports of a gunman prowling around following an anonymous 999 call.

Police were told that a woman had been murdered at the Islington address which Ms Roberts shares with her husband, Newsnight editor Ian Katz.

Ms Roberts said that another member of the site had been similarly targeted for the “swatting” attack, which she said was perpetrated by “sinister bullies” seeking to undermine a “female-dominated space on the internet.”

“Swatting” takes its name from the militarised Special Weapons and Tactics (Swat) units called to deal with armed incidents. Popularised by computer gamers, the prank involves a malicious call made to the police in the hope of having an armed response team sent to the target’s home.

Mumsnet, founded in 2000, has previously been criticised by fathers’ groups that claim it has pursued an “anti-male agenda”. But Fathers4Justice, which has campaigned against the forum, condemned the cyber-attack.

“Fathers4Justice can confirm that they have no connection or contact with this group and unreservedly condemn these actions which have no place in a movement campaigning for loving fathers who are struggling to see their children,” the organisation said.

The Metropolitan Police said it had yet to identify any suspects for the attack. A spokesman said: “Police were called at approximately 00:15hrs on Tuesday, 11 August to a residential address in Islington, following a report that a man had murdered a woman at the address.

“This was followed by a second call during which the caller stated he had members of his family held in a room. This call was assessed as requiring a firearms response.”

“Local officers and firearms officers attended the address and carried out an assessment. Two people resident at the address were spoken to. The incident was treated as a hoax and the police response explained to those at the address.”

Ms Roberts said she had been away but the family’s au pair was at the residence and had been “terrified” by the incident. She called on the police to take action against the perpetrators of the hoax. The Met said it had received no complaint, although its enquiries were continuing.

After being forced off Twitter the hacking group returned under the name DadSec and announced that it had published 3,000 Mumsnet members’ passwords. “This was only possible because one of our members is a mod (moderator) of Mumsnet. This member would like to remain anonymous,” the group said, promising that the original cyber-attack “was only the start.” The group did not reveal the motivation behind its attacks.

Ms Roberts said all Mumsnet’s 7.7m users would be required to change their passwords after the attack, which resulted in a number of fake messages posted under member’s names.

The Mumsnet site could have been hit by a “cross site scripting” (XSS) attack, in which code would have been added to Mumsnet's site to redirect the login process to computers controlled by the attacker.

A DDoS attack involves a website being so inundated with access requests that its servers cannot cope and it temporarily goes offline.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in