NHS passwords undergo LulzSec examination

Derek Parkinson on 10 June 2011 - 12:46, in Threats & Alerts

The NHS is the latest organisation to receive a diagnosis of security ailments by LulzSec after the hacker collective gained possession of passwords for five NHS administrator accounts. LulzSec informed the NHS of which accounts were compromised in an email which it subsequently published online in redacted form.

The NHS has responded by saying that no patient information has been compromised and that no national NHS information systems have been affected, an assessment the hackers appear to agree with.

“Subdomain NHS access compromised 5 core admins and contact info of several affiliates. Luckily they stored nothing of importance on that DB,” LulzSec said via its Twitter feed. “We mean you no harm and only want to help you fix your tech issues,” it said.

The somewhat obscure “hope that little girls feast on the bones of many giving souls” appears to be a reference to a ‘bucket list’ that has gone viral on the internet, having been published by Alice Pyne, a 15-year-old girl from Cumbria battling Hodgkin’s lymphoma. Among her hopes, Alice says she would like more people to become bone marrow donors.

Embarrassingly for the NHS, an internal memo about the LulzSec incident appears to have been leaked online, published on the Pastebin website. The Technical Security Briefing, dated 9 June, provides guidance on password security and public-facing websites. “Particular attention should be paid to the ‘OWASP Top Ten’ of web application vulnerabilities,” it says.

LulzSec members are thought to have been involved in the notorious breaches of security suffered by Sony, and more recently Infragard, a partnership between the FBI and industry.

UPDATE: The Department of Health responded as follows: “This is not a leaked internal memo.
It is guidance which is publicly available throughout the NHS… This is a local issue affecting a very small number of website administrators. No patient information has been compromised. No national NHS information systems have been affected. The Department has issued guidance to the local NHS about how to protect and secure all their information assets.”