JAKARTA - The Indonesian government appears to be a target for hackers. After the data centers of several ministries/institutions were previously suspected of leaking data, it is now the turn of data from the Ministry of Communication and Information Technology.

The Brain Cipher ransomware group has claimed responsibility for the attack and reportedly demanded a ransom of USD 8 million, or approximately IDR 131 billion.

With a large amount of public data managed on its servers, the National Data Center (PDN) is one of the agencies most vulnerable to cyber attacks. So should the ransom demand be met?

Didik Irawan, an IT expert from Digital Security Indonesia, said that giving in to the hackers' demands was not the only option. He reasoned that no one had yet confirmed that the stolen data could be fully restored.

According to Didik, the fact that the temporary PDN was successfully infiltrated by ransomware shows unpreparedness in managing cybersecurity risks. "The main weakness here actually lies in the standard operating procedure for data center management: there is no periodic backup to handle government service data. In my opinion, that is enough to become joke material that will be discussed for a long time in IT forums or talks," IT expert Didik Irawan told VOI, Monday, July 1.

Didik said the most appropriate way to solve the PDNS problem begins with a comprehensive audit of all cyber governance in PDNS. Next, remediate (patch) the audit findings; third, carry out cyber governance SOPs in PDN using a good IT governance approach.

"Until now, it is not clear where this ransomware infection came in, whether through internal causes (employee negligence), internal sabotage (some ransomware offers profit-sharing cooperation to its affiliates) or external infection, so for the post-mortem this incident needs to be opened to the public through a cybersecurity investigation," said Didik Irawan.

"To prevent this incident from happening again, it is necessary to protect both internally and externally through proper SOP governance, meaning that things like regular backups become mandatory across the entire series of governance SOPs," he added.

Government Promises PDN Services Will Recover in July

Coordinating Minister for Political, Legal and Security Affairs Hadi Tjahjanto announced that, based on forensic results, users from internal parties were suspected of being careless in using passwords. It was this internal party who was later found to be at fault in the LockBit 3.0 ransomware attack. Even the exact sentence is

"Even from the forensic results, we can already find out who the user is who always used his password, and in the end these very serious problems occurred," said Coordinating Minister for Political, Legal and Security Affairs Hadi Tjahjanto after leading the Coordination Meeting, Monday, July 2.

In addition, Hadi Tjahjanto is targeting PDN services to recover in July 2024. He explained that the government's efforts include backing up PDNS 2 with a cold site.

Later, the cold site will be upgraded with a hot site in Batam, which is a system that regulates the use of data at the backup location. In addition, the government continues to pursue layered data protection in PDNS 2 with a cloud monitored directly by BSSN.

"Each data center owner also has a backup, so that there are at least three to four layers of backup, and then we will also back it up with a backup cloud," said Hadi.

The government, he said, requires all ministries, institutions and agencies to back up their data in anticipation of hacking. This is because data in several ministries and agencies could still be saved after the temporary PDN hack where backups had been carried out.

If Only There Had Been No Rush

Telematics and multimedia observer Roy Suryo said the carelessness stemmed in part from work management that did not comply with the standard operating procedures (SOPs) that should be followed in PDN. According to Roy, PDN should follow the ISO-27001 and TIER-4 standards according to TIA (Telecommunications Industry Association)-942 and IEC (International Electrotechnical Commission), namely Confidentiality, Integrity and Availability.

"It was also due to a 'social engineering' error, whether realized or not, affecting the staff or person in charge of the system at the Surabaya PDNS-2 belonging to Telkomsigma," telematics and multimedia observer Roy Suryo told VOI via written message, Tuesday, July 2.

Roy also explained that, more technically, careless and improper password use can happen for many reasons: for example, not complying with existing user ID and password confidentiality rules, logging in as "root" too often even when it is not necessary, forgetting to log out after doing maintenance, or being "trapped" by lures from hackers who exploit games, online gambling or even pornography sites to make staff negligent.

"This phishing method is often used to deceive the brainware element, even though the software and hardware have actually been made to meet certain security standards," said Roy Suryo.

With the negligence being attributed to insiders, Roy asked the government not to divert the blame for such a large disaster onto just one person. He reasoned that, after all, such an embarrassing and worrying incident would not have happened had there been no rush.

"I think this leak is due to the rush to meet the completion target for PDN-1 (temporary) in Deltamas Cikarang, which should only have been completed in October 2024 but has to be completed in time to be inaugurated on August 17, next month," he said.

Roy added that if everything had gone according to the original plan and concept, under which there would be 4 PDNs (1. Deltamas Cikarang, 2. Nongsa Batam, 3. Balikpapan IKN and 4. Labuan Bajo Manggarai), the deployment and implementation would not have been rushed, and there would have been no need to bother renting Lintasarta's PDNS-1 in Serpong and Telkomsigma's PDN-2, which finally conceded only 2% of the data.

"The rental price, if I'm not mistaken, reaches hundreds of billions. This is what I always call the need for a Budget Investigative Audit in addition to the IT Forensic Audit, because there can be irregularities due to chasing something (personal ambition?) which is unclear but has resulted in enormous losses in the history of data in this republic," he said.

Roy explained that the data affected by the current leak clearly cannot be recovered 100 percent. The reason is that, technically, the only available data backups are at the urban village and local government levels, both municipal and district.

"And it can be ascertained that the existing data is obsolete data. Stimulate here at least the last 1-2 years before Presidential Decree No. 82/2023 concerning the Acceleration of Digital Transformation and the Integrability of National Services, even Presidential Decree No. 132/2022 which regulates the architecture of the National Electronic-Based Government System (SPBE)," he said.

"Because the Presidential Decree which regulates the issue of SDI (One Indonesian Data) in addition to ordering data unification to PDN has also prohibited the allocation of regional servers, including budgeting. In other words, the loss due to the paralysis of PDNS-2 is really large," he concluded.

Hackers' "Lure" for Indonesia

Data from several agencies in Indonesia is also suspected of being leaked. Among them are the Strategic Intelligence Agency (BAIS), the Indonesia Automatic Fingerprint Identification System (INAFIS) of the National Police, BPJS Ketenagakerjaan, and many more. The hackers then announced their ransom demand to the government via the official Brain Cipher website.

Cyber observer Alfons Tanujaya of Vaccine.com has also confirmed that the announcement shared on the official Brain Cipher website is genuine.

"Brain Cipher issued a statement on its website that we can access, and that's the official website, we've checked that's true," Alfons said in a statement on Tuesday, July 2.

However, Alfons warned the government and all parties involved not to be too quickly lulled by the promise because, according to him, no exact date has been given for when the key will be handed over.

Based on his observations, Brain Cipher only names a day and does not disclose the date on which the decryption key will be given. So it is not certain that the promised key will be given tomorrow, Wednesday, July 3.

