105 Million Bocor Voters Data Ahead Of The Election, CISSReC Cybersecurity Expert: Possibly Threats From Insiders
JAKARTA - Cybersecurity expert at the CISSReC (Communication & Information System Security Research Center) cyber research institute, Pratama Persadha found a leak of 105 million voter data uploaded on the breached.to website by Bjorka.
The data includes provinces, cities, sub-districts, sub-districts, TPS, NIK-KK, name, place of birth, date of birth, age, gender and address that sells for US$5,000 (Rp74.5 million).
Considering that the political situation in the country is currently warm, Pratama underlines that this is important for investigation, and do not let the leaked voter data become counterproductive in the election administration process.
"There is something wrong with the amount of data of 105 million, even though the total number of 2019 voters is already 192 million. This means that there are more than 87 million data that do not exist. I have tried to confirm with Bjorka but have not received an answer," said Pratama in a release received in Jakarta, Thursday, September 8.
Pratama further explained that with the leakage of voter data, the public would definitely turn their attention to the KPU. Because according to Pratama, there are several institutions that have this data, namely the KPU, Dukcapil, Bawaslu, and political parties and other institutions.
"KPU just has to check whether there is anomaly traffic, if there is no such thing, it is possible that there will be an insider threat attack," he said.
Pratama added that BSSN must also go deeper in various cases of data leakage in the country, or at least explain to the public how and what various public institutions are doing that experience data leakage due to hacking.
"With conditions in Indonesia that there is no Personal Data Protection Law, so there is no attempt to force it from the state to electronic system operators (PSE) to be able to secure data and systems that they manage optimally or with certain standards," he explained.
Pratama said, although there is a lot of data leaks at this time, no one is responsible, everyone feels as if they are victims.
"In fact, regarding the threat of hacking, it is widely known, PSE should provide maximum security, for example by using encryption/cryption for public personal data. At least doing maximum security for the name of both the institution or the company," he added.
When it comes to data leak sanctions, because the PDP Law has not yet been ratified, Pratama explained, the government can use Permenkominfo number 20 of 2016. The sanctions in the candy are only administrative sanctions announced to the public, the highest of which operations are temporarily suspended.
In addition, in Article 100 paragraph (2) of PP Number 71 of 2019 concerning PSTE (Electronic Transaction System Operators), there are administration sanctions for several violations of personal data protection that can be in the form of written warnings, administrative fines, temporary terminations, access terminations and is removed from the list.