Posted: June 17, 2011 Filed under: Rant, Technology, WTF | Tags: IT Administrators, LulzSec, NHS, Pathetic, Security, Top Level Management
It’s hard to ignore the shear uprising of hacking related activity in the past weeks. PlayStation Network being the most notable, being crippled for a month and disabling online activity for many millions of PlayStation 3 units around the world. Then came the onslaught of Sony’s other websites and networks.
Then came the rest of the attacks. Let’s take a quick rundown of the hacking that has taken place by LulzSec over the past month:
- Fox.com (user passwords stolen)
- Sony Music Japan
- PBS (user passwords stolen)
- Sony Pictures (user information)
Just yesterday, LulzSec have published 20,000 email addresses and passwords to the public, giving the average user access details to Facebook accounts, GMail accounts, PayPal to name just a few… these are the type of people we are dealing with here.
The NHS was recently sent an email from LulzSec
(click the link to the left to view) regarding discovered security holes in their network – and the NHS turned them away when they wanted to help.
While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords
LulzSec go on to say:
We mean you no harm and only want to help you fix your tech issues
In a response from the NHS:
This is a local issue affecting a very small number of website administrators. No patient information has been compromised. No national NHS information systems have been affected. The Department has issued guidance to the local NHS about how to protect and secure all their information assets.
Jesus fucking Christ. What a bog-standard response from some IT administrator cunt that is clearly too proud of his network to admit they have problems and accept help in plugging the holes that the NHS are exposing for all to freely abuse. This in itself shows what is wrong with the people at the “top” of the system. Similar examples of this are seen all over the news where people who are relatively high up in whatever organisation they belong to believe they think that they know everything – but in actual fact, they don’t.
What fucks me up even more, is that the NHS stated (as above):
The Department has issued guidance to the local NHS about how to protect and secure all their information assets.
I can pretty much guarantee that this is just a small email sent to all the satellite IT administrators around the country that either went totally unregarded, not taken seriously or ended up in the Junk mail box. As someone who used to work with NHS (anonymised) patient data, I know exactly how easy it is to obtain it.
LulzSec have clearly stated that they do not consider NHS to be an enemy and that their work is admired, however I hope someone in the NHS takes the polite notice about their security holes seriously… for the sake of all the unsuspecting patients that have used the NHS system, and for the sake of all the other nations in the world that are willing to pay considerable fortunes to obtain this data.