Indonesia hunts for Bjorka, hacker selling 1.3b SIM card users’ data, taunting officials

0 147

Indonesia’s newly formed data protection task force is chasing down a hacker behind a series of data leaks related to 1.3 billion registered mobile phone numbers and 105 million voters, and a log of the President’s correspondence, among others.

The hacker, who goes by the pseudonym of Bjorka and claims to be based in Warsaw, Poland, has been selling stolen data, including that from Indonesian state-owned enterprises, mobile phone operators and general election commission, on hacking forum BreachForums in the past few weeks.

Bjorka has also leaked a log of incoming and outgoing confidential documents between President Joko Widodo and the State Intelligence Agency.

The hacker also posted personal data of public figures such as Coordinating Minister for Maritime Affairs and Investment Luhut Pandjaitan and Communication and Informatics Minister Johnny G. Plate. The details leaked included phone numbers, identity numbers, and vaccine numbers.

The day after a senior informatics applications official appealed to Bjorka to stop leaking Indonesians’ personal data at a press conference on Sept 5, the hacker boldly told the government to “stop being an idiot” in a BreachForums post.

Bjorka’s intention, the hacker said in a tweet on Sept 10, was to show how easy it is “to get into various doors due to a terrible data protection policy”, “primarily if it is managed by the government”.

On Twitter, Bjorka also said those investigating the hacking would not know where to start looking, and taunted public figures such as State-Owned Enterprises Minister Erick Thohir, telling him to give up his presidency hopes.

At least three of Bjorka’s Twitter accounts have been suspended.

Coordinating Minister for Political, Legal, and Security Affairs Mahfud MD last Wednesday called on the public to remain calm, claiming no crucial systems were hacked and no state secrets were leaked.

The leaks “only occurred to general data pertaining to the President’s correspondence. Until now, their content has not been leaked”, he said.

He added that authorities have identified Bjorka and the hacker’s location based on “tools that can track all the stuff”.

Soon after the data protection task force was formed last Wednesday, the police interrogated a 23-year old man, identified by the initials MAH, in Madiun regency in East Java, where he sells drinks in a traditional market.

The police have not confirmed if he is Bjorka, and the task force is investigating the recent incidents.

Ruby, chief executive of Jakarta-based Digital Forensic Indonesia, underlined that instead of focusing only on the latest data breach, the task force should also investigate similar leaks since 2019 and at least, get “lessons learned from the past cases” to avert similar incidents in the future.

“It’s better for the task force to improve data management. Relevant institutions just denied data leaks in the past few years and did not enhance their data protection, and therefore, there have been recurrent data leaks,” Alfons Tanujaya, an IT security specialist at Vaksincom.

“If Bjorka is arrested, but the data continues to be leaked, within three to six months there will be other Bjorkas exploiting the breached data.”

Parliament is expected to pass the Personal Data Protection Bill within a month, said Dr Mahfud.

When the Bill is passed into law, government institutions and private companies will be pushed to enhance their cyber security, both Ruby and Alfons said. This is because any data leaks will result in financial penalties and criminal sanctions.

“Logically, due to the fine and sanctions, all parties will be well-prepared, ensuring that their cyber security is better than the past and data leaks can be averted,” said Ruby.

“If there’s a leak, the public can demand accountability and compensation because of the existence of a valid legal basis.”

 

 

SOURCE: NEWS AGENCIES

You might also like