‘I think Indonesia’s cybersecurity is run by 14-year olds’: Hackers
September 2, 2022
JAKARTA – Hackers behind recent data breaches disclose their modus operandi and goals.
Data breaches have been recurring events in Indonesia over the past few years, with the private data of millions of internet users being leaked again and again, whether from government institutions or private corporations.
The most recent breaches were revealed in an online forum called breached.to, where millions of data entries were either sold or distributed for free within a short span of under three weeks from Aug. 15 to 31.
“Indonesia’s cybersecurity is really awful, I think it’s run by 14-year-olds,” said Xerxes (a pseudonym), one of the hackers who claimed to come from Europe.
The 21-year-old hacker said he had cracked the security of an unknown trading and business-to-business (B2B) marketplace platform, from which he stole nearly 500,000 users’ data, and more than 1 million company user databases and documents.
Based on IBM’s Threat Intelligence Index 2022, ransomware accounted for 21 percent of total attacks in 2021 and Interpol ranked Indonesia first in Southeast Asia with 1.3 million cases of ransomware, according to the ASEAN Cyberthreat Assessment in 2021.
Xerxes revealed that he undertook the hacking of a few Indonesian companies (that he declined to disclose) last December and discovered the vulnerability by accident, from whence he managed to gain direct access to the Structured Query Language (SQL) of the sites.
Another incognito hacker who claimed to come from the United States and communicated using the nickname “gimmci”, said “I saw many vulnerabilities in Indonesian sites. […] I’m not saying it’s [that] weak, but, in fact, even government sites can still be hacked,” gimmci said.
The 19-year-old hacker did not disclose which specific sites he hacked, but gimmci claimed that he was holding more than 130,000 Indonesian databases consisting of ID card photos, family card pictures, tax IDs and much more, which he garnered illegally from a job-hunting platform.