Selector Data Site Allegedly Hacked, KPU Disables Sidalih User Account
The General Election Commission (KPU) of the Republic of Indonesia has disabled all user accounts in the Voter Data Information System (Sidalih) following the alleged KPU website being hacked by hackers.
Head of the Indonesian KPU Data and Information Division, Betty Epsilon Idroos, said that the closure of the Sidalih account was carried out in anticipation of the hacking problem.
"The KPU checks the information system submitted by the threat actor, namely Sidalih and deactivates Sidalih user accounts as an effort to handle the hack further," Betty said in his statement, Thursday, November 30.
Initially, the KPU found out about information related to the existence of parties who had sold data allegedly belonging to the KPU since Monday, November 27, 2023 at around 15.00 WIB.
After receiving this information, continued Betty, the KPU immediately informed BSSN, Bareskrim, and other relevant agencies.
"The KPU always coordinates with BSSN, Bareskrim, Developers' parties, and other relevant agencies to obtain digital data and evidence related to the breakdown data information," said Betty.
Based on the results of joint checks, currently several analyses are being carried out such as the analysis of access logs, user management analysis, and other log analysis taken from the application and the servers used to identify the perpetrators, if it is true to hack the Voter Data Information System.
"The KPU provides the widest possible access to the incident response team to jointly protect and prevent the spread of voter data," he explained.
In this case, hackers with the anonymous name "Jimbo" claim to have hacked the kpu.go.id site and managed to obtain voter data from the site. A total of 204 million NIK voter data, KK, and domicile were sold for IDR 1.2 billion.
They then sold the voter data on the BreachForums website which is usually used to sell the hack results.
"Jimbo offers the data he managed to get for US$ 74,000 or almost equivalent to Rp 1.2 billion," said Chairman of the Cissrec Cyber Security Research Institute, Pratama Persadha in his statement, Tuesday, November 28.
In addition to sharing 500,000 example data that was successfully hacked on one of its posts on the BreachForums website,ruchase also shared several screenshots from the cendptonline.kpu.go.id website to verify the correctness of the data obtained.
In another screenshot shared by fire, it appears that a KPU website page is likely to come from the user's dashboard page.
According to Pratama, with the screenshot, it is very likely that you will be able to get access to login with the KPU role admin from the sidalih.kpu.go.id domain using the phishing method, social engineering or through malware.
"By having access from one of these users, please download voter data and several other data. Cissrec has also previously given an alert to the KPU chairman about vulnerability in the KPU system on June 7, 2023," said Pratama.
SEE ALSO:
In the post on the forum, Goodminton also conveyed that the 252 million data he managed to get were several duplicated data. Afterkowal conducted a screening, there were 204,807,203 unique data and this number is almost the same as the number of voters in the KPU DPT, which amounted to 204,807,222 voters from 514 regencies/cities in Indonesia and 128 representative countries.
The data obtained by fire has some quite important personal data, such as a population identification number (NIK), family card number (KK), ID card number (containing passport number for voters who are abroad), full name, gender, date of birth, place of birth, marriage status, complete address, RT, RW, kelurahan, sub-district and district codification as well as TPS codification.