JAKARTA - A number of members of Commission I of the DPR RI questioned the cyber attacks and data leaks that often occur to the Minister of Communication and Information (Menkominfo). In August 2022 alone, three data leaks had occurred.
Member of Commission I DPR RI Nurul Arifin is suspicious. "How can you keep conceding, it's impossible for no one to inside this person, sir. This is embarrassing in my opinion, during the Kominfo three times the leak with the data being a big number."
Nurul suspects that the low level of compliance with Electronic System Operators (PSE) in following up on detection notifications is one of the causes of various cyber incidents in Indonesia.
"I question the function of Kominfo, Kominfo should be able to take down those who are naughty, sir. If you shake your head again, please explain, sir, because we don't understand," said Nurul during a meeting of Commission I of the DPR RI with the Minister of Communication and Information on September 7, 2022 in Senayan, Jakarta.
This is because Kominfo initially required users to provide population information as a condition for activating SIM cards.
However, the Minister of Communication and Informatics Johnny G. Plate with a cyber attack in the digital space is not the main task of Kominfo. Kominfo's task is only to ensure that Electronic System Operators (PSE) comply with policies in Indonesia, including data processing.
The task of anticipating a cyber attack is actually, said Johnny, to enter the realm of the National Cyber and Crypto Agency (BSSN).
"In this case, we want to convey in PP 71 of 2019 against all cyber attacks, leading sectors, and important domains, the main tasks and functions are not in the Communications and Informatics. Against all cyber attacks on digital spaces, the technical domain of BSSN (Siber Agency and State Password)," he said.
"So the question related to our cyberattack certainly can't answer for and on behalf of the BSSN," Johnny continued.
Even so, Kominfo is ready to provide support for BSSN regarding the improvement of technical and system capabilities to avoid cyber attacks.
Recommendations include three things:
"This is so that everything is known. So far, we have answered all of this just so that the public knows about it, but it is not a domain and is not the task of Kominfo in relation to technical matters of cyber attacks. Because of the cyber-domain attack by BSSN," explained Johnny.
Responding to the alleged data leak incident, BSSN admitted that it had conducted a search and validated the published data. Together with PSE, BSSN is also making rapid mitigation efforts to strengthen the cyber security system to prevent greater risks.
However, BSSN Spokesperson Ariandi Putra emphasized that data leakage is not only the responsibility of BSSN. According to PP Number 71 of 2019, every Electronic System Operator must organize an electronic system in a reliable and safe manner. Also, responsible for the operation of the electronic system as it should be.
"We have also coordinated with law enforcement to take law enforcement steps," said Ariandi Putra in a written statement.
BSSN is the result of the merger of the State Crypto Institution (Lemsaneg) and the Directorate of Cyber Security of Kominfo. It was formed on May 19, 2017 through Presidential Decree Number 53 of 2017 concerning the National Cyber and Crypto Agency.
In the Presidential Decree, it is stated that BSSN is a non-ministerial government institution that is responsible to the President through a minister who oversees coordination in the fields of politics, law, and security.
His job is to carry out cybersecurity effectively by coordinating all elements related to cybersecurity. Be it for detection, monitoring, prevention, recovery, evaluation, for incidents or cyber attacks.
"Securing data in the digital space is a process that must be carried out with discipline and continuous," said Ariandi.
A total of 26 million Indihome user data, 17 million PLN customer data, and 1.3 billion cell phone SIM card user data in Indonesia were leaked and traded on a breached.to online forum for US$5,000 by hacker Bjorka.
Cybersecurity and digital forensic expert from Vaccinecom, Alfons Tanujaya, has examined the validity of the SIM card user data. As a result, these data are correct.
From the number and the NIK given as a sample, it turns out that everything that is checked is authentic data. The telephone number related to the NIK is also active and is indeed used by the NIK owner in question," he said.
However, according to Coordinating Minister for Political, Legal and Security Affairs Mahfud MD, these data are not confidential data. So, nothing is dangerous yet.
"Currently, we are investigating the reason why hackers can take the data," Mahfud told the media crew on Monday (12/9).
Even so, said Alfons, the owner of the data is still at a loss. If the leaked data is credentials, maybe mitigation such as changing the password or activating the Two Factor Authentication (TFA) can be done and effective in warding off negative effects for data owners as long as it is announced immediately and the credible owner is aware of this.
"Meanwhile, if what is leaked is other data such as population data, personal confidential information or site access log, then the owner of the population data and access log of the site will suffer the most," explained Alfons as quoted by Tempo.co.
It is not impossible, these data will be used for negative things. Such as being used to design social engineering targeting data owners. Forging themselves as acustomer service bank asks for transaction credentials to steal customer funds.
Or, you can use fake ID cards which are then used for example for legislative nominations or other things. Data can also be used to embarrass data owners in cyberspace.
That is why member of Commission I DPR RI Fadly Zon asked the government to immediately conduct a total evaluation regarding cyber defense in Indonesia.
"We are treated like this and there is no adequate resistance like there is no defense. Ironically, our netizens mostly support (what Bjorka is doing). This is something wrong," he said, Monday (12/9).
Mahmud Ashari in his writings on the website of the Ministry of Finance explained a number of factors that could cause data leakage, namely:
Acer Indonesia on its official website also added one other factor that causes data leaks, namely because of the actions of individuals. Most of the data loss doesn't always occur through electronic media. However, it can also be caused by an employee who has bad intentions.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)