It *is* a criminal offence under extensions to the original CMA1990 in the Police and Justice Act 2006. The maximum penalty was also increased to two years imprisonment.
I don't think this particular incident is enough to attract a custodial sentence, but he will almost certainly end up with a well-deserved criminal record for his stupidity if somebody can be bothered to press charges. Some people's opinions are truly astounding.
Why do we even bother having best practices if people aren't going to follow them? No damage was done- that's a hell of a lot more than you can ask from a damned hacker. And if your provisioning system doesn't blow- then fixing the problem isn't a big deal either. Would your insurance company pay a claim on your stolen car if you left it running, with the doors wide open, in Harlem? Of course not. Nobody wants to take any responsibility for their own stupidity. The only criminal act here was the negligence on the part of the ISP. They got embarrassed- no harm was done- get on with your damned life. The fact is that people will ALWAYS be curious- it's what makes human beings so amazing. People will explore their surroundings and if you don't want them to- then try taking some basic steps to ensure they can't. As for the laws? Prison is for people who irrevocably harm society- some stupid kid who went exploring his cable modem DOES NOT QUALIFY. And what about a criminal record? Who the hell does that help? Give the guy a record and force him to go to work for the spammers and botnet writers? Great thinking. "well-deserved criminal record for his stupidity." Where is the criminal record for the idiot who allowed remote access with a single username and password to every single cable modem? That's pretty damned stupid. Honetly- when did we all become such vindictive assholes? Had the guy caused any real damage then you might have an argument. He didn't. We need to stop letting companies abuse the law instead of performing due dilligence. -Don