Chaotic Public Services, Evidence Of National Data Center Not Managed Properly And Professionally

JAKARTA The National Data Center (PDN) which has been disrupted since Thursday (20/6/2024) shocked the public. This incident caused a number of public services to be chaotic, one of which was the immigration system of the Directorate General of Immigration, Ministry of Law and Human Rights.

Head of the National Cyber and Crypto Agency (BSSN) Hinsa Siburian said the incident was at the Temporary National Data Center in Surabaya, East Java. Then the team was flown in from Ragunan, Jakarta, which is the headquarters of BSSN, and was deployed after they detected an attempt to hack the heart of the country.

The BSSN team has succeeded in identifying a ransome variant called the Brain Chiper.

“This ransomware is the latest development of the Lockbit 3.0 ransomware.So this is the latest after we have seen the samples that have been temporarily carried out by forensics from BSSN," said Hinsa in his press conference on Monday, June 24.

On the same occasion, Hinsa emphasized that his team together with the Kominfo, Cybercrime Police, and Telkom Sigma were trying to solve this attack because the perpetrators encrypted the data they got.

In this case, Telkom Indonesia's Network and IT Solution Director Herlan Wijanarko said the cyberattack perpetrators asked for a ransom of US$8 million or equivalent to Rp131.3 billion.

Has a Domino Effect

BSSN has apparently detected suspicious acts since June 17, 2024, at around 23.15 WIB. Citing Tempo, this state agency found that there was an effort to disable Windows Defender security features that made the PDNS security system vulnerable.

Then the attack began on June 20, 2024, at 00.54 WIB. The attack in the form of ransomware affected the Surabaya PDNS.

The disturbance experienced by the National Data Center is chaotic. The most widely reported is the immigration system of the Directorate General of Immigration of the Ministry of Law and Human Rights. As a result, immigration services such as immigration offices, passport service units, and checkpoints at airport and port immigration posts are hampered, such as at Bali's I Gusti Ngurah Rai International Airport.

However, immigration services are not the only institution affected by cyber-attacks on PDN. Director General of Informatics Application Kominfo, Semuel Abrijani Pangerapan said there were 210 agencies affected by this ransomware attack.

Micro and small business actors (UMK) were also affected because the verification process and validation of data for submitting halal certificates on the Ptsp.halal.go.id portal managed by the Halal Product Guarantee Agency of the Ministry of Religion was hampered. Application data cannot be entered into the Silal system due to the paralysis of the PDN server.

In addition to submitting halal certificates, other affected public services are the Ministry of Education, Culture, Research, and Technology (Kemendikbudristek). Director General of Early Childhood Education (PAUD), Dikdas and Dikmen Kemendikbud, Research and Technology, Muhammad Hasbi said there were 47 service domains or applications of the Ministry of Education and Culture. Research and Technology was affected.

In addition, there is also the Coordinating Ministry for Maritime Affairs and Investment, and the Ministry of Public Works and Public Housing (PUPR) who was also affected.

Unprofessional PDN Cloud Management

Cybersecurity expert from vaccine.com, Alfons Tanujaya highlighted the issue of ransomware attacks to the National Data Center and asked for a fantastic ransom to restore encrypted data.

"This incident is extraordinary. Because a data center like PDN that manages thousands of virtual machines (VM) can be exposed to ransomware," he said.

He added that it would be terrible if the attacker managed to retrieve the data.

"If the data is successfully retrieved, it means that the ransomware has been entrenched in the system for a long time. For days, so that it had copied the server data. That must be a question and evaluation. It can be missed like this," said Alfons.

Alfons added, this attack proves that the National Data Center is very vulnerable because it does not have mitigation from ransomware attacks. According to him, PDN managers should have two anticipations, namely business continuity and disaster recovery. The National Data Center, he said, should have a backup server so that services continue in the event of such an attack.

He added that the government must evaluate why the recovery and business continuity of PDN are not responsive. According to him, one of the reasons is because the Ministry of Communication and Information acts as an executive of regulators as well as players. As a result, the cloud PDN is managed unprofessionally.

Whereas cloud-based services such as the National Data Center should be managed by local companies that are competent and experienced in order to reduce the vulnerability of burglary or hacking. The government can also hold accountable if the manager cannot overcome system paralysis.

"If it is held by government agencies, there will be no sanctions for four days of this down. So the service agreement level is not clear. Why? Because fellow government institutions, they are ignored," he concluded.