Brazilian Hacker Son1x Is Back, This Time Breaching The Police Database

JAKARTA - The hacker known as son1x777, from the "theMxOnday" group, is at it again. After defacing the State Cyber and Code Agency (BSSN) website last October, the Brazilian hacker group has now attacked the site of another important Indonesian institution, the Police.

Data on a number of police personnel was breached. The leak came to light through an upload by the Twitter account @son1x777, the same account that defaced the BSSN website.

In a statement on Thursday, November 18, cybersecurity expert Pratama Persadha explained that the leak was uploaded on Wednesday afternoon, November 17, by the same Twitter account that claimed the BSSN website hack. The upload also includes a link to download a sample of the stolen data, which is suspected to contain a sample database of National Police (Polri) personnel.

"The two databases provided have the same size and content, namely 10.27 MB, with the first file named polrileak.txt and the second polri.sql. The file contains a lot of important information from the personal data of police personnel, for example, name, NRP, rank, place and date of birth, work unit, position, address, religion, blood type, ethnicity, email, and even telephone number. This is clearly dangerous," said the chairman of the CISSReC (Communication & Information System Security Research Center) cyber research institute.

Pratama stated that there are also data columns for decision rehabilitation, trial decision rehabilitation, type of violation, rehabilitation of information, Profession and Security (propam) id, sentence completion, and date of completion of Coaching and Counseling (binlu). The leaked data is possibly a record of violations committed by Polri personnel.

"Most likely this attack is a form of hacktivism, while seeking reputation in the community and society, or to introduce the hacking team," he added.

Pratama added that the Police had already been hacked several times before. The incidents range from defacement of the site's appearance, to compromise for hosting online gambling sites, to theft of the personnel database. Even now, the police personnel database is still being freely sold on the Internet forum RaidForum by a perpetrator with the account name "Stars12n". Sample data is also offered on the forum as a free download.

"The Indonesian National Police must learn from the various hacking cases that have happened to their institutions, in order to further increase their security awareness and strengthen their systems. The low awareness of cybersecurity is one of the reasons why many government websites are victims of hacking," said the man from Cepu, Central Java, in a release to the media.

Pratama added that this can be seen, at the very least, in the budget and in how the information systems are managed. In institutions that still do not prioritize cyber security, the people in charge of the information systems receive little attention, meaning that human resources, infrastructure and budget are all kept to a minimum. Technology companies, by contrast, usually already have a director in charge of technology and cyber security, and even they are still breached by hackers.

"In the country, efforts to improve it already exist, for example, the formation of a CSIRT (Computer Security Incident Response Team). This CSIRT will later coordinate a lot with BSSN when a hack occurs," he added.

He added that one of the serious shortcomings is that cyber security management is still weak. In the case of the Ministry of Health's eHAC, for example, the ministry's IT team twice failed to respond to reports of a data leak. Only after the report was submitted to BSSN was the eHAC system taken down, within two days. This should have been done in a matter of hours.

"We clearly hope that this PDP Law will be present with quite a powerful force. It can provide a warning from the beginning to state and private institutions as the rulers of personal data. If from the beginning they do not treat personal data properly and there is a leak due to hacking, then there is a threat that they will be subject to demands for compensation of tens of billions of rupiah," he explained.

This directly encourages efforts to improve human resources, infrastructure, and information system management, so as to reduce data leakage.