National Cyber and Crypto Agency Hacker: I Can Sell The Database For A High Price!

JAKARTA - The cyber world has recently been shocked by a hack that has victimized the National Cyber and Crypto Agency (BSSN). The perpetrator behind the attack claimed to be a native of Brazil.

The official website of the National Malware Center (Pusmanas) belonging to BSSN, which has the address https://pusmanas.bssn.go.id/, could not be restored for several days.

Pusmanas was formed by BSSN to improve the ability to detect cyber attacks and provide literacy to the public regarding the risk of malware attacks used for theft of sensitive and financial information.

According to cyber security expert Pratama Persadha, the Pusmanas website was hacked on Wednesday, October 20. Pratama got evidence from the upload of the Twitter account @son1x777 which was claimed to be a hacker. In his upload, it says the perpetrator is "theMxOnday".

TheMxOnday itself is a hacker group originating from Brazil. Pratama said that this action was an act of revenge, where previously an Indonesian citizen had hacked the Brazilian state website first.

BSSN Cyber Attack Perpetrator Interview: This Target Is Very Interesting

Taking a deeper look, VOI team had the opportunity to interview hackers on the BSSN site through the Telegram application, which has the pseudonym son1x777, see below.

Hello, can we talk about the hack you did to BSSN?

Son1x77: Hi, of course, we can talk about it. Peace and love for Indonesia.

Okay fine, why did you choose BSSN to be the target?

Son1x77: The goal was to respond to the attacks of Indonesian defacers, so I decided to pick something big and important to show them how it was done.

(Defacer is where hackers change the appearance of the site, these changes can cover the entire page or in certain parts. For example, the website font is changed, annoying ads appear, to changes the page content as a whole)

BSSN is not easy to hack, how did you get in there?

Son1x77: I was looking for a big institution to hack into and I saw BSSN, so I thought, this target is very interesting.

What type of attack did this carry out?

Son1x77: I've done all kinds of attacks, but mostly just as a hobby. I have a passion for hacking, so I study and hack to gain experience and improve my skills.

After hacking the BSSN site, what are the benefits? Just revenge?

Son1x77: As I said, it was just a response to the Indonesian defacer, they asked for it... and got a response!

Can you explain how long it takes to hack the BSSN site?

Son1x77: To hack the BSSN website, it might take 10 minutes, first I started doing a little website reconnaissance, then I found a promising one. I started to analyze the technology running on the webserver, then I have coded taking advantage of this particular technology.

I did testing to exploit it manually, everything works fine. The next step is to configure the exploit I coded specifically for BSSN, launch the exploit and wait to receive the reverse shell, now I get the shell, then upload the web shell to the server to serve me as a backdoor, if something is detected I can go back...

Ok, but now I'm not satisfied with a simple shell and normal www-data (apache users), so I decided to r00t b0x (post exploits to upgrade to high-level privileges) on the server aka root. After that, I have full control over the server (BSSN).

OMG! Impressive! Are you still be able to do that?

No problem. Haha

Alright, after this hack did the BSSN contact anyone? Or do you guys have something agreed?

Son1x77: The BSSN has not contacted me after the hack.

Apart from the BSSN, what else can hackers target?

Son1x77: I can't provide any information on that right now, but I'm ready to respond with another large organization if needed.

How long have you been in this hacker world? And tell me what are the benefits?

Son1x77: I have been in this hacker world for a few months, I joined theMx0nday in April and started hacking with them, they let me in the team because they thought I was promising. But before that, I've coded and had a passion for technology, but in the world of hackers, it was only April.

The profit I get is mostly financial, after hacking, many other hackers around the world want to buy BSSN database, confidential documents, and other large network access.

Are you joining a big group in Brazil?

Son1x77: Yes, I joined them in Brazil.

After hacking an important site in Indonesia, any response?

Son1x77: There's always a security issue somewhere, if a vulnerability isn't fixed or patched, someone will take advantage of it. One mistake can cost everything. Organizations need to take information security very seriously, this time it's just destruction ... but for example, I can take over the network and spy on the BSSN for months ... after that, I can sell the data.

Pusmanas for example is a malware center, it contains exploits and malware being analyzed ... tools that others may not know about, I can steal them and use them against them, after that I can sell them at a very high price in the market, which will then be used to hack other organizations.

Btw! Are you aware of the legal consequences of this act?

Son1x77: I'm totally aware of the consequences, I don't want to be arrested, nobody is doing it. But sometimes, we don't think about it... and it's hard to stop hacking, once you get into it, it's like adrenaline, drugs... that don't bore you.

You are quite friendly as a hacker, where to learn to hack? On your own or with a friend?

Son1x77: Haha.. I started with hacking this year, my way of learning is reading code or doing something practical... I like reading books about hacking and programming. My motto: "Study hard, hack easy." Want to hear something funny about me?

That's okay too, do you want to say that you are 16 years old? I already know.

Son1x77: Yeah, hahaha. This is crazy, isn't it? OMG!

Totally crazy, but shouldn't you be enjoying your teenage years? It's like playing a game with friends, do you do it too?

Son1x77: Yes haha, I live a normal life, I socialize, go out with friends, play together etc… in my spare time I study and hack he he… Nobody knows what I do ha ha ha… Yes, my family also does not know.

I grew up very poor, now we have everything we want... So it's good for me and them, they just think I'm studying etc..