Hacker reverse-engineered ACMA blacklist

Summary: An Australian Communications and Media Authority (ACMA) executive has told a Senate Estimates hearing that the alleged leak of its blacklist in March was the result of a hacker reverse-engineering a Family Friendly filter.

This story initially reported that filters used by Family Friendly ISPs had been reverse engineered. Ms O'Loughlin was actually referring to Family Friendly filter vendors.

An Australian Communications and Media Authority (ACMA) executive has told a Senate Estimates hearing that the alleged leak of its blacklist in March was the result of a hacker reverse-engineering a Family Friendly filter.

"We started off very much concerned about our internal process, but then as more information came to us it became very clear that where the alleged list was acquired from was actually from the filter itself," Nerida O'Loughlin, general manager of ACMA's Industry Outputs Division, told the Senate Estimates hearing on Monday.

ACMA's investigation into the leak revealed that one of the filters on the Internet Industry Association's Family Friendly filter list was "reverse engineered" to produce the blacklist that was leaked. Family Friendly filter vendors include Microsoft, F-Secure, McAfee and Trend Micro, amongst others.

Shortly after the alleged leak, Minister for Communications Stephen Conroy said the list was not current, but an older version that ACMA had used. The leaked list contained some 2395 web pages whereas the list at the time of the leak contained 1061 URLs. ACMA's current list issued to Family Friendly ISPs contains just 977 web pages.

The leak prompted a review of security arrangements around how ACMA sends out the weekly update of the blacklist, which it claimed is "always encrypted" before sending. Participating vendors are typically notified that a new list is available and are provided a password to access it.

ACMA also asked the vendors to submit details on how the blacklist is handled once it has been received, though only eight of the 13 participants responded, said O'Loughlin.

"We asked them to provide information back to the ACMA with regard to any security vulnerabilities. We stopped distributing the list at that point in time until we were satisfied that we had information from those vendors as to what they would put in place," said O'Loughlin.

O'Loughlin said the matter had been referred to the Australian Federal Police in the past few weeks.

Liam Tung

Talkback

7 comments
  • Article needs correcting

    Liam,

    You say:

    "ACMA's investigation into the leak revealed the filter used by one of 13 ISPs on the Internet Industry Association's Family Friendly ISP list was "reverse engineered" to produce the blacklist that was leaked"

    What Nerida actually said:

    "We have written to the 13 Family Friendly filter providers under the IIA scheme to whom we provide that list".

    Nerida is talking about filter vendors who get access to the blacklist.

    "...it became very clear that where the alleged list was acquired from was actually from the filter itself"

    "We stopped distributing the list at that point in time until we were satisfied that we had information from those vendors as to what they would put in place"

    Nerida is not referring to IIA family friendly ISPs... there are more than 13 of them.

    Nerida is referring to IIA approved internet filter vendors.

    No ISP, besides those about to embark on the ISP-level content filtering trials, has received the blacklist.
    anonymous
  • Cheers

    Hey Ben,

    thanks for pointing this out, I'm updating the story.

    Cheers,

    Renai LeMay
    News Editor
    ZDNet.com.au
    anonymous
  • All cool

    Renai,

    No worries :)
    anonymous
  • not reverse engineered

    I think describing this as reverse engineering is overstating the case.
    The list was actually in clear text in a file included with the filter.
    anonymous
  • The ACMA and The Blacklist

    Come on - Wikileaks published the blacklist over 2 months ago.

    The ACMA are idiots - their proposed porn filter was circumvented in a matter of seconds, and I see no reason for this filter to be any different.

    My ISP will not filter anything, instead leaving it to the responsibility of PARENTS to look after their kids, not some luddite in Canberra.
    anonymous
  • This is old news, but still a valid point. The filter is going to be very flawed, and easily bypassed. I know that I can easily get around it as there are several areas which the filter will not cover, which is where everyone will go. The main thing this will do is slow down an already slow slow national speed.

    My main concern is that this list is supposed to be a secret. Why hide what the government is protecting people from, unless it is protecting the government from the people.
    Farreg
  • I think we all know there are a dozen ways to circumvent it, but, the list will never be secret. It will be obvious what the banned sites are when you find you can't reach them, and so publish that information in a shadow blacklist. Has anyone got a url for the blacklist shadow site yet? lol

    The fun will start soon, I'm sure. The leaked list had some perfectly non-porn legal sites, hence the revelation that it was not the actual list.

    In the government's eyes (why do we ever vote for clueless people...), a declining rate of prosecutions will make it a success. But absence of evidence is not evidence of absence.

    I wonder if there will be mandatory secret reporting of attempts to reach blacklisted URLs.

    I'm going to assume the gov't employed IT stars in their dreamland censorship enterprise, because the real hacker talent won't be playing ball...
    fanjet@...