LulzSec gives security advice to British National Health Service

LulzSec – the hacking group behind the recent attacks on Sony and Nintendo – demonstrated its cuddly side this week.

The group sent the  British National Health Service (NHS) a letter warning that it’s found security vulnerabilities in NHS computer systems.

“While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords.”

But on its Twitter account, it says: “And no, we never planned to exploit those passwords. We sit on admin passwords for many things. It’s kind of like a lulz collection.”

The Department of Health has played down the vulnerability, saying it related to a very small number of network administrators in just one of the country’s 150 Primary Care Trusts. Patient records weren’t compromised, it says, and no national systems were affected.

That’s confirmed by LulzSec: “Subdomain NHS access compromised 5 core admins and contact info of several affiliates. Luckily they stored nothing of importance on that DB,” it says.

The group was apparently inspired by the case of Alice Pyne, a 15-year-old with terminal bone-marrow cancer – which explains the otherwise incomprehensible suggestion in the email that it hopes “little girls feast on the bones of many giving souls”.

The whole affair is a marked contrast to the group’s other activities. In the last few weeks, it’s been responsible for major attacks on Sony, Nintendo and InfraGard, which works with the FBI.