Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian Police Database Lacked Root Password

Posted by kdawson on from the kick-me dept.

Concerned Citizen writes "The Australian Federal Police database has been hacked, although 'hacked' might be too strong a word for what happens when someone gains access to a MySQL database with no root password. Can you be charged with breaking and entering a house that has the door left wide open? Maybe digital trespassing is a better term for this situation. 'These dipshits are using an automatic digital forensics and incident response tool,' the hacker wrote. 'All of this [hacking] had been done within 30-40 minutes. Could of [sic] been faster if I didn't stop to laugh so much.'"

16 of 214 comments (clear)

  1. a legit hack by Lord+Ender · · Score: 5, Insightful

    They broke out of a honeypot, discovered the available services on a private network, then found and exploited s service that was misconfigured.

    Believe it or not, most hacks don't involve writing custom exploit code. They just require some work and the sense to know what you're looking for.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:a legit hack by Lord+Ender · · Score: 3, Insightful

      And? A hack doesn't have to be "hard" to be a hack. As the word is popularly used today, breaking into a computer through nonobvious (to the average person) means is hacking.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    2. Re:a legit hack by impaledsunset · · Score: 2, Insightful

      By your definition, visiting the FTP server I found running on your PC is hacking. Last month I opened a browser and typed "ftp://ftp.mozilla.org/" to look for an older version of Firefox. I didn't know if such a thing existed, I was just guessing. This is probably hacking, too.

  2. Re:mmmm........ by jcr · · Score: 5, Insightful

    A bureaucrat fired for incompetence?

    If that happens, then Australia is more different than the USA than I can possibly imagine.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  3. Re:It's still breaking and entering by zippthorne · · Score: 4, Insightful

    I should hope that the law is literal. "Don't be so literal" is not the kind of argument you want to hear from the prosecution at any phase of a trial. Especially sentencing. Assault and Battery are sure as damn different things, and separably chargeable.

    --
    Can you be Even More Awesome?!
  4. Re:Brag about it and get snapped! by Beardo+the+Bearded · · Score: 4, Insightful

    Well, they would say that, wouldn't they?

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  5. In seeing this from the dark side... by shacky003 · · Score: 4, Insightful

    The OP is asking about being charged with anything just because the "door" wasn't on the "house" to keep them out...

    That's a little like saying "Can someone be charged with stealing a bike if it was just sitting up against the front of the store while the owner was inside the store.."
    Just because there wasn't a safeguard in place (supreme dumbasses? Why yes!) it isn't a valid legal argument (at least in the states) to plead ignorance to the
    effect that you still stole the bike, even if there was no lock securing it..

    It might be an interesting place to live if everything could be played with/used/stolen
    as long as it wasn't secured..

    As always, I may know nothing about anything, ever - and don't smoke crack.

  6. TERRIBLE analogy by Anonymous Coward · · Score: 3, Insightful

    Let's get a better analogy:

    "If you broke a window (pun intended), entered the house, saw safe on the floor, turned the handle and it was unlocked, would you be breaking and entering?"

  7. Re:mmmm........ by gcnaddict · · Score: 4, Insightful

    Government employees are always fired when their actions (or inaction) embarrass the nation.

    Incompetence? You're right; employees typically aren't fired for that, but causing major embarrassment is always grounds for termination.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  8. Re:mmmm........ by Shakrai · · Score: 4, Insightful

    Government employees are always fired when their actions (or inaction) embarrass their political masters

    Fixed that for you :)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  9. Re:no injection necessary by rivetgeek · · Score: 2, Insightful

    Are you (or he, i haven't read his comment) trying to say that mysql was accessible from the outside to arbitrary connections directly? I find that pretty hard to believe.

  10. Re:mmmm........ by Mr.+Freeman · · Score: 5, Insightful

    No, SOMEONE is always fired when their action causes embarrassment to the nation/their boss/etc.

    It most sure as hell IS NOT the person that should be fired.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
  11. Re:mmmm........ by lena_10326 · · Score: 3, Insightful

    Government employees are always fired when their actions (or inaction) embarrass the nation.

    Is president of the United States considered a government employee? Cuz... that totally messes up your comment if so.

    --
    Camping on quad since 1996.
  12. Re:Even if unlocked still breaking and entering by Whalou · · Score: 2, Insightful

    So, breaking your neighbors WEP encryption and logging onto his network is a misdemeanor. Using this access to browse onto his c$ share and download his secret porn stash bumps it up to a felony.

    How can I know the felony is worth it if I can't look at his porn stash first!

    --
    English is not this .sig mother tongue...
  13. Re:mmmm........ by Canazza · · Score: 2, Insightful

    I hear the call of he who shall not be named... Lord Mandels... *guurk*

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  14. Re:mmmm........ by Anonymous Coward · · Score: 1, Insightful

    The president is a figurehead or scapegoat for those that are truly in charge. You wouldn't fire your scapegoat unless you really had to.