September 18, 2021
The paper says that prior to the latest cyberattack, there were already reports of private data being leaked from various platforms managed by the government.
The Health Ministry’s Indonesian Health Alert Card (eHAC) app, which is used to monitor people’s mobility during the Covid-19 pandemic, was the latest app to fall victim to data leakage, said the paper. PHOTO: PIXABAY
By The Jakarta Post/Asia News Network
JAKARTA – A recent string of cybersecurity threats only shows that Indonesia’s data security system remains vulnerable to attacks and intrusions that endanger not only people’s privacy rights but also the security of the state.
In the latest incident, Mustang Panda, a China-backed group of hackers, was reportedly able to infiltrate the server of the State Intelligence Agency (BIN).
The spy agency naturally rejected such a claim, saying its servers were safe and regularly maintained to ensure their security and reliability.
BIN also said it was cooperating with the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN) to further investigate the claim.
Insikt Group, an internet security research group owned by The Record, said on Sept 11 it had reported suspected activities to the relevant Indonesian authorities twice in June and July, but none of the reports received any feedback.
Prior to the alleged cyberattack, there were already reports of private data being leaked from various platforms managed by the government.
The Health Ministry’s Indonesian Health Alert Card (eHAC) app, which is used to monitor people’s mobility during the Covid-19 pandemic, was the latest app to fall victim to data leakage.
The incident was first reported by vpnMentor researchers who contacted the Health Ministry in mid-July and again in early August – neither effort received a response.
The group said it found that the personal information of some 1.4 million users, both Indonesians and foreigners, was not protected, as the developer had failed to deploy a proper data privacy protocol.
Communications and Information Minister Johnny G Plate has revealed that 29 state institutions had experienced data leaks in the past three years.
This is a worrying trend, especially as President Joko “Jokowi” Widodo has incessantly been promoting the digitalisation of almost all aspects of life with his penchant for anything digital, from the 4.0 Industrial Revolution to his high praise for unicorn and decacorn start-ups.
During the campaign of his second presidency, Jokowi proudly claimed that any problem in this country could be solved by launching an app.
“It just takes two weeks to develop an app,” he said. But he seemed to have forgotten to keep the backdoor closed. Data leaks, however, are not typical to Jokowi alone.
During the presidency of Susilo Bambang Yudhoyono, a much higher risk took place in that his phone and those of his closest aides were wiretapped by Australia in 2009, news of which did not emerge until 2013.
Then-BIN chief Norman Marciano said Australia had been doing their snooping from 2007 to 2009.
Wiretapping can be done in two ways: physically on the mobile phone itself and by manipulating the telecommunications network.
Nothing short of an espionage blockbuster.
All these incidents demonstrate that Indonesia really has to up its digital defence system because even the mighty United States saw alleged Russian cyberattacks play a role in bringing Donald Trump to the White House.
Going digital is without a doubt the way going forward, as has been proven during the lengthened pandemic.
Cyberattacks, however, also provide an impetus for Indonesia to develop its capabilities in the digital industry – both hardware and software – and to provide and serve data protection, as well as prevent, trace and, if necessary, counterattack any future cyberthreats.