News has broken that Mumsnet has reset its users’ passwords after a series of attacks, one of which involved armed police being called out to the London home of the parenting site’s co-founder. Hacker gained access to the site’s administrative functions and hijacked some accounts. There had also been an attempt to force Mumsnet offline by swamping it with internet traffic, in a distributed denial of service (DDoS) attack. Security experts from ESET, Imperva and Proofpoint have the following comments.
[su_note note_color=”#ffffcc” text_color=”#00000″]Igal Zeifman, Senior Digital Strategist at Imperva :
“According to news reports the attack peaked at 17,000 requests per second. While significant, compared to the regular amount of traffic, this is still considered a mid-sized application layer DDoS attack that could have been easily mitigated with adequate DDoS protection.
To put this in context, largest application layer attack we saw last quarter peaked at over 179,000 request per second, with even a single hijacked computer able to spew out several thousand request a second.”[/su_note][su_note note_color=”#ffffcc” text_color=”#00000″]Kevin Epstein, VP Advanced Security and Governance at Proofpoint :
“Swatting is where a false report of an active threat at a victim’s address is made to the police, to provoke an active armed response. This is traumatic at best, potentially dangerous at worst to the victim, who the police must recognize as distinct from a potential target. Swatting is a crossover point between cyber- and real-world threat; to ‘swat’ someone, an attacker must have details of the victim’s physical address and life – and in this case it appears such may have been taken from internal records. Statistically such a compromise is quite likely to have been driven by an email phishing based campaign. Sadly, we’ve reached a point in cyberattacks where clicking on the wrong email can result in your facing the wrong side of an armed response officer, in physical jeopardy.”[/su_note][su_note note_color=”#ffffcc” text_color=”#00000″]Mark James, Security Specialist at IT security firm ESET :
“The internet is full of great things and sadly lots of bad. Account hacking and DDoS attacks can cause serious problems to websites when they are the targets. When sites get attacked in this way it’s important that the owners take action as soon as possible to protect the users’ details. Resetting passwords as a default option is a good start and then letting the users know what’s going on so they can take any extra precautions shows a good approach in protecting that valuable data. It’s important to run thorough checks on all the systems once compromised to ensure no long term malware has been injected for future use and then looking at how the incident took place in the first place, making sure systems are updated and patched to stop any potential future attacks succeeding.
Swatting is when someone calls the emergency service to respond to a critical incident that does not exist (firearms, drugs etc). It involves sending in the “swat” team to someone’s home or business usually during unsociable hours to cause as much inconvenience as possible. This can go hand in hand with harassment campaigns and is often very distressing for all concerned.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.