Teenager charged over Mumsnet hack and DDoS attack

mumsnet-hack-623x425-623x425

An 18-year-old man has been charged by British police in connection with an internet attack that saw Mumsnet hacked, users’ accounts breached, passwords stolen, and the site blasted offline.

David Gerrard Buchanan, 18, from Haslemere, Surrey, was charged by the Metropolitan Police’s Cyber Crime Unit (MPCCU) with two counts under section 1 of the Computer Misuse Act 1990 and one count under section 3, in connection with attacks last year against the immensely popular British parenting website.

During the attacks, described by WeLiveSecurity at the time, an unauthorised party managed to break into Mumsnet servers and exploit admin privileges to redirect the site to a (now defunct) Twitter account called @DadSecurity. @DadSecurity was posting messages like:

“Now is the start of something wonderful”
“RIP Mumsnet”
“Nothing will be normal anymore”
“Our DDoS attacks are keeping you offline”

No popular website likes to be knocked offline by a distributed denial-of-service (DDoS) attack, of course. But things became particularly unpleasant and dangerous when the internet threat became physical in the form of a ‘swatting’ attack.

Mumsnet co-founder Justine Roberts and a Mumsnet user who had bravely confronted @DadSecurity online found that hackers had tricked armed police units into raiding their homes.

Roberts described the terrifying experience of being ‘swatted’ in a message to Mumsnet users:

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to “prepare to be swatted by the best” in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up.

In my opinion, MumsNet responded well to the breach – being transparent with users about what was happening, telling them to reset their passwords, and warning of the dangers of phishing attacks. They also called in external experts to advise on how they could best strengthen their security systems, and invited me in to answer computer security questions from their users. 🙂

Buchanan is due to appear at Guildford Magistrates’ Court on June 7.

The Met Police says that it has eliminated from its inquiries two 17-year-old boys who it had interviewed under caution, but is continuing to investigate the attacks. Anyone with information is encouraged to contact police directly or anonymously via CrimeStoppers.

by Graham Cluley, ESET We Live Security


One thought on “Teenager charged over Mumsnet hack and DDoS attack

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s