Australian Police Database Lacked Root Password

Concerned Citizen writes "The Australian Federal Police database has been hacked, although 'hacked' might be too strong a word for what happens when someone gains access to a MySQL database with no root password. Can you be charged with breaking and entering a house that has the door left wide open? Maybe digital trespassing is a better term for this situation. 'These dipshits are using an automatic digital forensics and incident response tool,' the hacker wrote. 'All of this [hacking] had been done within 30-40 minutes. Could of [sic] been faster if I didn't stop to laugh so much.'"

It's still breaking and entering

[rm999]

"Can you be charged with breaking and entering a house that has the door left wide open?"

Nothing has to be "broken" during a breaking and entering. Not everything is so literal. As long as the person maliciously entered the system with the knowledge he didn't belong in there, it would be a virtual breaking and entering.

Re:Journalistic Beat-Up?

[Capsaicin]

If I'm reading that correctly, and they broke into a machine with poor security.

On reflection I'm not reading it correctly. What this probably means is they arrested the owner, took over the physical box, and just left it running to see who was using it. But the point stands. Not their responsibility to fix up the villain's poor security. Indeed, if this what happened, one might imagine that miminal-to-no inteferrence with how the box was running would be an operational imperative.

AU judges often don't have passwords on their PCs

[wheels4me]

The judges in AU are on a network that does not have a requirement that all users have passwords. Thus, many judges don't even password protect their PCs that are net-connected. It is no surprise that their db got hacked with the abysmal lack of security on the judicial network.