Teenager charged over Mumsnet hack and DDoS attack

An 18-year-old man has been charged by British police in connection with an internet attack that saw Mumsnet hacked, users’ accounts breached, passwords stolen, and the site blasted offline.

David Gerrard Buchanan, 18, from Haslemere, Surrey, was charged by the Metropolitan Police’s Cyber Crime Unit (MPCCU) with two counts under section 1 of the Computer Misuse Act 1990 and one count under section 3, in connection with attacks last year against the immensely popular British parenting website.

During the attacks, described by WeLiveSecurity at the time, an unauthorised party managed to break into Mumsnet servers and exploit admin privileges to redirect the site to a (now defunct) Twitter account called @DadSecurity. @DadSecurity was posting messages like:

“Now is the start of something wonderful”
“RIP Mumsnet”
“Nothing will be normal anymore”
“Our DDoS attacks are keeping you offline”

No popular website likes to be knocked offline by a distributed denial-of-service (DDoS) attack, of course. But things became particularly unpleasant and dangerous when the internet threat became physical in the form of a ‘swatting’ attack.

Mumsnet co-founder Justine Roberts and a Mumsnet user who had bravely confronted @DadSecurity online found that hackers had tricked armed police units into raiding their homes.

Roberts described the terrifying experience of being ‘swatted’ in a message to Mumsnet users:

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to “prepare to be swatted by the best” in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up.

In my opinion, MumsNet responded well to the breach – being transparent with users about what was happening, telling them to reset their passwords, and warning of the dangers of phishing attacks. They also called in external experts to advise on how they could best strengthen their security systems, and invited me in to answer computer security questions from their users. :)

Buchanan is due to appear at Guildford Magistrates’ Court on June 7.

The Met Police says that it has eliminated from its inquiries two 17-year-old boys who it had interviewed under caution, but is continuing to investigate the attacks. Anyone with information is encouraged to contact police directly or anonymously via CrimeStoppers.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.