LulzSec warns NHS of security flaws

gallery

Hacking group LulzSec sent an email to the NHS this week warning the public body about flaws in its IT infrastructure.

LulzSec, which claimed to be behind a recent hit on Sony, said it had obtained passwords of IT administrators and emailed the NHS about what it took “months ago.”

“While you aren’t considered an enemy, your work is of course brilliant – we did stumble upon several of your admin passwords,” LulzSec said in the email.

“We mean you no harm and only want to help you fix your tech issues.”

The Department of Health (DoH) said the issue only affected “a very small number of website administrators,” noting no patient information had been compromised.

"No national NHS information systems have been affected,” a Department of Health spokesperson told the BBC.

“The Department has issued guidance to the local NHS about how to protect and secure all their information assets.”

LulzSec, which calls itself a group of “pirate ninjas,” has upset a number of corporations recently, in particular Sony, Nintendo and FBI affiliate Infragard.

In the latter case, LulzSec targeted one Infragard user in particular – Karim Hijazi, chief executive of private botnet monitoring service Unveillance.

LulzSec claimed Hijazi offered to pay the hacking collective “to eliminate his competitors through illegal hacking means” in return for its silence.

Hijazi said he had been threatened by LulzSec and asked to provide money and botnet information to the collective.

In a back and forth exchange between the two parties, LulzSec claimed it was attempting to do good, while Hijazi alleged the group was in it for extortion.

Email to a friend

Print this page