EU parliament blocks websites 'to protect' staff

BRUSSELS - Blocking websites is something people usually associate with authoritarian regimes in China or Iran rather than the European Union.

But staff in the European Parliament last week received this message when they tried to access the popular links-and-news sharing site Reddit: "We blocked this website to protect you."

"This website is known to distribute malware or is part of a security incident or cyber threat as reported by the Computer Emergency Response Team (CERT). This is not an error message. We have intentionally blocked this website so you wouldn't get harmed," the EP message went on.

After an avalanche of messages and over 500 comments on the Reddit website itself, the IT department of the European Parliament lifted the ban and admitted that it chose to "err on the safe side" and block all websites which are flagged up by CERT.

Reddit "got blocked at one point because it was included on a list of sites known to distribute malware. That list of sites is maintained by CERT-EU (the Computer Emergency Response Team of the European Institutions). Unfortunately I have no insight into how reddit.com ended up on the list in the first place," Joost De Cock from the parliament's technical support department wrote on Reddit.

He added that "when one of our users raises an issue for a site that is blocked, we look into the matter. If the site is legitimate, we unblock it."

Meanwhile, a contact at CERT-EU has told this website that Reddit was included on the list because Apple computers already infected with a virus called Mac.BackDoor.iWorm were being remotely accessed via a search function on Reddit.

But "it was not Reddit that distributed the malware," Didzis Abolins from CERT-EU wrote in an email.

"Every organisation makes their own decisions whether to monitor or block some resources," Abolins added.

The European Commission, the EU Council and the bloc's diplomatic service (EEAS), which all had been hacked in the past and which are also wary of further internet security "incidents", have not blocked Reddit.

While for his part Florian Walther, a Berlin-based internet security expert, told this website that the EP overreacted.

"When a malware is using Google to find whatever, then they probably block Google?!? - Not a good approach."

He said that a "professional anti-malware team" would have asked Reddit for the list of the servers used to control the infected computers, "this way you stay 100% safe while you have no side effects".

A spokeswoman for the European Parliament told EUobserver that blocking sites occurs "regularly" whenever such "potential threats" are listed, and that in the past even the BBC website was blocked temporarily.

But Malta-based network security expert Luigi Auriemma also said that blocking sites "is not a real solution."

"It's just a way to try to 'limit' the current and further issues for the users in the internal network based on a public information that arrives when it's too late."