This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-33985706
The article has changed 6 times.
Version 3 | Version 4 |
---|---|
Mumsnet's co-founder suffers 'swatting attack' | Mumsnet's co-founder suffers 'swatting attack' |
(35 minutes later) | |
Mumsnet has reset its users' passwords after a series of attacks, one of which involved armed police being called out to the London home of the parenting site's co-founder. | |
Justine Roberts said she suffered a "swatting attack" last Tuesday - a type of harassment in which a perpetrator calls the emergency services out to their victim on a false pretence. | Justine Roberts said she suffered a "swatting attack" last Tuesday - a type of harassment in which a perpetrator calls the emergency services out to their victim on a false pretence. |
She added that another member of the site had been similarly targeted. | She added that another member of the site had been similarly targeted. |
Some accounts have been hijacked. | Some accounts have been hijacked. |
Ms Roberts also disclosed that someone had managed to hack into the site's administrative functions. | Ms Roberts also disclosed that someone had managed to hack into the site's administrative functions. |
Additionally, she revealed that there had been an attempt to force Mumsnet offline by swamping it with internet traffic, in what is known as a distributed denial of service (DDoS) attack. | Additionally, she revealed that there had been an attempt to force Mumsnet offline by swamping it with internet traffic, in what is known as a distributed denial of service (DDoS) attack. |
A spokeswoman from the Metropolitan Police was unable to comment on the swatting attack. | A spokeswoman from the Metropolitan Police was unable to comment on the swatting attack. |
However, a Twitter account linked to the incident, called DadSecurity, has been suspended. | However, a Twitter account linked to the incident, called DadSecurity, has been suspended. |
A spokeswoman for Mumsnet said it currently had 7.7 million members. | A spokeswoman for Mumsnet said it currently had 7.7 million members. |
Swat attacks | Swat attacks |
Ms Roberts - who is married to BBC Newsnight editor Ian Katz - wrote about the hoax call-outs on one of Mumsnet's forums. | Ms Roberts - who is married to BBC Newsnight editor Ian Katz - wrote about the hoax call-outs on one of Mumsnet's forums. |
"An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around," she wrote. | "An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around," she wrote. |
"A Mumsnet user who engaged with @DadSecurity on Twitter was warned to 'prepare to be swatted by the best' in a tweet that included a picture of a Swat team, after which police arrived at her house late at night following a report of gunshots. | "A Mumsnet user who engaged with @DadSecurity on Twitter was warned to 'prepare to be swatted by the best' in a tweet that included a picture of a Swat team, after which police arrived at her house late at night following a report of gunshots. |
"Needless to say, she and her young family were pretty shaken up. | "Needless to say, she and her young family were pretty shaken up. |
"It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses." | "It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses." |
The tweets by the DadSecurity account are now offline, but the BBC can confirm it repeatedly posted "RIP Mumsnet" and claimed to have stolen data from the site. | The tweets by the DadSecurity account are now offline, but the BBC can confirm it repeatedly posted "RIP Mumsnet" and claimed to have stolen data from the site. |
Login redirect | Login redirect |
Ms Roberts also provided details of other attacks including: | Ms Roberts also provided details of other attacks including: |
Ms Roberts added that there was evidence that at least 11 accounts had been hacked, but warned that many more could be affected. | Ms Roberts added that there was evidence that at least 11 accounts had been hacked, but warned that many more could be affected. |
"It's a reasonable assumption, and our working one, that the passwords of everybody that has logged since 6 August 2015, and possibly some time before that, have been collected," she wrote in a follow-up post. | "It's a reasonable assumption, and our working one, that the passwords of everybody that has logged since 6 August 2015, and possibly some time before that, have been collected," she wrote in a follow-up post. |
Mumsnet has yet to determine how the hacks were carried out, but one theory is that a "cross site scripting" (XSS) attack was involved, in which code would have been added to Mumsnet's site to redirect the login process to computers controlled by the attacker. | Mumsnet has yet to determine how the hacks were carried out, but one theory is that a "cross site scripting" (XSS) attack was involved, in which code would have been added to Mumsnet's site to redirect the login process to computers controlled by the attacker. |
That way the hacker would have been able to harvest the passwords of people as they typed them in. | That way the hacker would have been able to harvest the passwords of people as they typed them in. |
Ms Roberts said Mumsnet itself stored users' passwords in a "high strength" encrypted form, so doubted its own database had been cracked. | Ms Roberts said Mumsnet itself stored users' passwords in a "high strength" encrypted form, so doubted its own database had been cracked. |
As a precautionary measure, all the site's users will have to create new passwords to access their accounts. | As a precautionary measure, all the site's users will have to create new passwords to access their accounts. |
In addition, members are being asked to check that the page they log in on uses a specific address - https://www.mumsnet.com/session/login. | In addition, members are being asked to check that the page they log in on uses a specific address - https://www.mumsnet.com/session/login. |
"It's challenging to build a website that can stand up to a determined attacker, while still being cost-effective to run and easy to use," commented security expert Dr Steven Murdoch from University College London. | "It's challenging to build a website that can stand up to a determined attacker, while still being cost-effective to run and easy to use," commented security expert Dr Steven Murdoch from University College London. |
"These types of incident will keep on happening, so this is a good reminder to not use the same password on multiple websites and be cautious about what information you give out online." | "These types of incident will keep on happening, so this is a good reminder to not use the same password on multiple websites and be cautious about what information you give out online." |