Hacker reverse-engineered ACMA blacklist

An Australian Communications and Media Authority (ACMA) executive has told a Senate Estimates hearing that the alleged leak of its blacklist in March was the result of a hacker reverse-engineering a Family Friendly filter.

This story initially reported that filters used by Family Friendly ISPs had been reverse engineered. Ms O'Loughlin was actually referring to Family Friendly filter vendors.

update An Australian Communications and Media Authority (ACMA) executive has told a Senate Estimates hearing that the alleged leak of its blacklist in March was the result of a hacker reverse-engineering a Family Friendly filter.

"We started off very much concerned about our internal process, but then as more information came to us it became very clear that where the alleged list was acquired from was actually from the filter itself," Nerida O'Loughlin, ACMA's general manager of its Industry Outputs Division told the Senate Estimates hearing on Monday.

ACMA's investigation into the leak revealed one of the filters on the Internet Industry Association's Family Friendly filter list was "reverse engineered" to produce the blacklist that was leaked. Family Friendly filter vendors include Microsoft, f-secure, McAfee and Trend Micro amongst others.

Shortly after the alleged leak, Minister for Communications Stephen Conroy said the list was not current, but an older version that ACMA had used. The leaked list contained some 2395 web pages whereas the list at the time of the leak contained 1061 URLs. ACMA's current list issued to Family Friendly ISPs contains just 977 web pages.

The leak prompted a review of security arrangements around how ACMA sends out the weekly update of the blacklist, which it claimed is "always encrypted" before sending. Participating vendors are typically notified that a new list is available and are provided a password to access it.

ACMA also asked the vendors to submit details on how the blacklist is handled once it had been received, though only eight of the 13 participants responded, said O'Loughlin.

"We asked them to provide information back to the ACMA with regard to any security vulnerabilities. We stopped distributing the list at that point in time until we were satisfied that we had information from those vendors as to what they would put in place," said O'Loughlin.

O'Loughlin said the matter had been referred to the Australian Federal Police in the past few weeks.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All