What a to do
"They're only having a laugh, leave 'em alone!", was more less the attitude in the comments that I remember from the last story on Reg about this bunch, especially when anyone tried to condemn them for their actions. I'm all in favour of penetration testing but this sort of baptism of fire only favours security firms offering protection consultants at vastly inflated hourly rates. I'm sure some people think this will wake some companies up to deal with their security, but it won't. Companies won't spend money and the as usual the management will come up with something like, "We bought this firewall/IDS appliance then plugged it in, we're secure!".
This lot are the internet equivalent of "RatBoys", bust into somewhere, dump on the floor, grab anything they can that might be interesting and finally they can boast to their mates about what they did.