This story initially reported that filters used by Family Friendly ISPs had been reverse engineered. Ms O'Loughlin was actually referring to Family Friendly filter vendors.
update An Australian Communications and Media Authority (ACMA) executive has told a Senate Estimates hearing that the alleged leak of its blacklist in March was the result of a hacker reverse-engineering a Family Friendly filter.
"We started off very much concerned about our internal process, but then as more information came to us it became very clear that where the alleged list was acquired from was actually from the filter itself," Nerida O'Loughlin, ACMA's general manager of its Industry Outputs Division told the Senate Estimates hearing on Monday.
ACMA's investigation into the leak revealed one of the filters on the Internet Industry Association's Family Friendly filter list was "reverse engineered" to produce the blacklist that was leaked. Family Friendly filter vendors include Microsoft, f-secure, McAfee and Trend Micro amongst others.
Shortly after the alleged leak, Minister for Communications Stephen Conroy said the list was not current, but an older version that ACMA had used. The leaked list contained some 2395 web pages whereas the list at the time of the leak contained 1061 URLs. ACMA's current list issued to Family Friendly ISPs contains just 977 web pages.
The leak prompted a review of security arrangements around how ACMA sends out the weekly update of the blacklist, which it claimed is "always encrypted" before sending. Participating vendors are typically notified that a new list is available and are provided a password to access it.
ACMA also asked the vendors to submit details on how the blacklist is handled once it had been received, though only eight of the 13 participants responded, said O'Loughlin.
"We asked them to provide information back to the ACMA with regard to any security vulnerabilities. We stopped distributing the list at that point in time until we were satisfied that we had information from those vendors as to what they would put in place," said O'Loughlin.
O'Loughlin said the matter had been referred to the Australian Federal Police in the past few weeks.
Liam,
You say:
"ACMA's investigation into the leak revealed the filter used by one of 13 ISPs on the Internet Industry Association's Family Friendly ISP list was "reverse engineered" to produce the blacklist that was leaked"
What Nerida actually said:
"We have written to the 13 Family Friendly filter providers under the IIA scheme to whom we provide that list".
Nerida is talking about filter vendors who get access to the blacklist.
"...it became very clear that where the alleged list was acquired from was actually from the filter itselfâ€
"We stopped distributing the list at that point in time until we were satisfied that we had information from those vendors as to what they would put in place"
Nerida is not referring to IIA family friendly ISPs... there are more than 13 of them.
Nerida is referring to IIA approved internet filter vendors.
No ISP, besides those about to embark on the ISP-level content filtering trials, have received the blacklist.