Comments on Mumsnet attacks

Recently Barry Scott, CTO EMEA of Centrify, has made several statements on the recent attacks on Mumsnet. He stated:

“It’s both interesting, and alarming, that there’s physical ‘attacks’ going on with
swatting, rather than ‘just’ a cyber attack.

“Mumsnet is a very popular site, so it would be relatively easy to trick some users
into entering their username and password into a fake lookalike site, either by a
phishing attack or maybe automatic redirection by some nasty code injected into the
Mumsnet site. Either way, the user would end up entering their username and password
in good faith on a fake site, where the attacker collects them for use on the
genuine site.

“Mumsnet was caught by Heartbleed in April 2014, so there could be unchanged
credentials that were stolen last year being used now, so it’s possible that the
problems of last year with Heartbleed were not fixed properly.

“The usual rules apply – passwords should be changed regularly, the same ones
shouldn’t be used on Mumsnet and other sites, they should be more complicated than
your child’s or pet’s name, they should use more than just letters and numbers, and
shouldn’t be shared with friends or loved ones. The easiest way to stop this would
be multi-factor authentication, so that when you try and log in, as well as entering
a username and password, you would also need to press a button on your phone to
confirm that it’s actually you logging in. That would mean that even if the password
is stolen, you’d need to lose your phone as well for anyone to be able to log in to
your account.

“It’s a sad but an unfortunate sign of the times that someone, somewhere thinks it’s
worthwhile taking the time to carry out this sort of attack and to waste police
resources in terrifying some poor family.”

Image source: Mumsnet

James Stevenson

Im a Cyber Security enthusiast that loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.

You may also like...