Cyber Threat Actor: @DadSecurity

@DadSecurity is an alias used by an individual or group that has been linked to online harassment and disruption activities originating from the United Kingdom. The actor first came to public attention in August 2015 when a Twitter account bearing the handle @DadSecurity claimed responsibility for a distributed denial‑of‑service attack against the parenting website Mumsnet and for a swatting incident targeting the site’s co‑founder, Justine Roberts. The alias appears to be the primary identifier associated with these actions, and no other names or monikers have been publicly attributed to the same entity in the available sources. The actor’s known location is the United Kingdom, although no further geographic detail such as a specific city or region has been disclosed in open reporting.

The targeting observed in the 2015 incident focused on a consumer‑oriented online community and its prominent founder, indicating a focus on platforms that facilitate public discussion rather than on financial institutions, government networks, or critical infrastructure. The strategic objective demonstrated by the actor appears to be disruption and intimidation, as the distributed denial‑of‑service attack rendered the Mumsnet service temporarily unavailable while the swatting attempt provoked an armed police response at the founder’s residence and at another user who had engaged with the actor on social media. The tactics, techniques, and procedures referenced in the reporting include the use of a distributed denial‑of‑service flood to overwhelm web servers and the fabrication of emergency reports to trigger a swatting response; no specific malware families, exploit kits, or tooling styles are described in the source material. Publicly available information does not establish any state sponsorship, affiliation with a known criminal consortium, or ideological alignment for @DadSecurity, and the actor remains unattributed beyond the alias itself.

The most notable publicly reported operation associated with @DadSecurity is the August 2015 campaign against Mumsnet, which combined a denial‑of‑service attack with swatting to cause both service interruption and personal intimidation. This incident stands as the sole documented activity linked to the alias in the open‑source record, and no additional campaigns or recurring patterns have been identified in the sources provided. Consequently, the profile of @DadSecurity is limited to the confirmed facts of its alias, its United Kingdom linkage, the disruptive nature of its observed actions, and the singular Mumsnet incident as the basis for any further understanding of its behavior.