Mumsnet Seeks to Boost Security after Spate of Attacks

Popular parenting website Mumsnet suffered a fresh wave of distributed denial of service (DDoS) attacks this week, prompting the site to take further steps to improve its security.

After both cyber and swatting attacks against the site and its members earlier in August, the attackers, who apparently use the now-suspended @DadSecurity Twitter handle, have redoubled their efforts.

Mumsnet issued a statement online following a series of outages on Monday and Tuesday this week.

“We were hit by another denial of service attack which meant we were offline until this morning,” Mumsnet wrote on Tuesday. “As soon as we got back up we were attacked again.

“This attack was double the size of the previous one and was distributed across many servers but we have no reason to believe that any security breaches occurred, the intention was to take the site offline rather than to hack into it.”

As part of the earlier attacks on Mumsnet, hackers dumped log-in credentials of around 3000 users online, and multiple comments on the site were reported to have been made through hacked accounts. Mumsnet responded by enforcing a password change on all of its users and issued advice on strong password construction.

Today, the site issued another statement explaining it is taking further measures to enhance its security:

“In the wake of the recent hacking and DDoS attacks, we've been considering the security of entry points to Mumsnet. Because the current Talk app uses http, rather than https, we can't guarantee it is 100% secure, so we've taken it offline.

“We've been developing a new iOS app using https for a while and we'll be launching it in a few weeks' time. We hope to follow this up with an Android app in due course. In the meantime, though, we'd suggest app users move over to our mobile site. Sorry for the inconvenience.”

It seems the site has taken security to heart after its shortcomings were highlighted through recent attacks. Indeed, Mumsnet has received praise from security experts for the manner in which it has handled the attacks. It has provided detailed FAQs and updates offering information and advice to worried users, while demonstrating a desire to enhance its security across the board.

In response to the recent DDoS attacks, Arbor Networks chief security technologist, Darren Anstee, said: “The best-practice defense against DDoS is a layered solution comprising a cloud and ISP-based DDoS protection service, which has the capability to stop high-magnitude attacks, combined with an always-on on-premise solution, to deal proactively with even the most stealthy and sophisticated attacks.”
