BAIS And INAFIS TNI-Polri Sensitive Data Leaked, Sold On Dark Web

Illustration of hacking reports made by the Twitter account @falconfeedsio (photo: x @FalconFedsio)

Sensitive data from the Indonesian Strategic Intelligence Agency (BAIS) of the Indonesian National Army (TNI) and the Indonesian Automated Finger Sidik Identification System (INAFIS) of the Indonesian National Police (Polri) have been leaked and sold on the dark web. Hackers operating with alias MoonzHaxor demanded a ransom of up to 7,000 US dollars (around Rp114 million) for the compromised data.

This breach was first reported by the Twitter account @falconfeedsio, which revealed that the hacker had posted a stolen data sample on the dark web market, offering full data sets to interested buyers. MoonzHaxor, a prominent member of BreachForums, has uploaded files from the Strategic Intelligence Agency (BAIS). This leak includes a sample of files, with complete data sets available for sale.

TNI spokesman Major General, Nugraha Gumilar, confirmed that the TNI Cyber Team is currently investigating the alleged violation of the TNI BAIS data.

🚨🚨Indonesian Intelligence Agency Data BreachLeaked by: MoonzHaxor on BreachForumsSummary:MoonzHaxor, a prominent member of BreachForums, has uploaded files from the Badan Intelijen Strategis (Indonesian Military Strategic Intelligence Agency). The leak includes sample… pic.twitter.com/73doXJDYG1

— FalconFeeds.io (@FalconFeedsio) June 24, 2024

Indonesian Intelligence Agency Data BreachLeaked by: MoonzHaxor on BreachForumsSummary:MoonzHaxor, a promising member of BreachForums, has uploaded files from the Strategic Intelligence Agency (Indonesian Military Strategic Intelligence Agency). The leak includes sample... pic.twitter.com/73doXJDYG1

"Regarding information from the Falcon Feed account that BAIS TNI data has been hacked, it is still under thorough investigation by the TNI Cyber Team," Nugraha said on Wednesday, June 26, 2024.

Lieutenant General Hinsa Siburian, Head of the National Cyber and Crypto Agency (BSSN), admitted that the leaked data included old but convincing information that the INAFIS system is currently functioning properly. "Indeed, there is a lot of data leaked," said Hinsa.

The @FalconFedsio account also details that MoonzHaxor disclosed the breach, which includes sensitive information such as fingerprint images, emails, and SpringBoot apps with configuration properties.

This incident occurred after a similar incident in 2021 in which the State Intelligence Agency's (BIN) internal network was compromised by a group from China, Mustang Panda. This incident highlights the continued cyber vulnerability and the urgent need for strong data protection measures within Indonesia's strategic and law enforcement agencies.