Monday, 2024 November 25

Indonesia sees mysterious, escalating cyber attacks in 2020

Teguh Aprianto is a cybersecurity consultant who founded a community called Ethical Hacker Indonesia in 2018. As its name suggests, the community is a coalition of white hat hackers who identify security weaknesses in the systems of private firms and government institutions before they can be exploited by nefarious parties.

A consistent advocate for internet security, Aprianto has for years posted his findings on Twitter, where he uses the handle @secgron. He analyzes major data breaches in Indonesia, including a breach where hackers stole up to 91 million users’ data from e-commerce giant Tokopedia.

But since August 5, Aprianto’s Twitter account has been suspended. The white hat hacker said he does not know why the site has barred him from tweeting.

“I realized something was wrong when I couldn’t access my Twitter account as it was locked. I filed an appeal to Twitter, but there was no response. I found it strange because I didn’t violate any of Twitter’s rules. The same thing also happened to my Instagram account, so I can only access Facebook for now,” Aprianto told KrASIA.

This is the second time Aprianto lost access to his own social media accounts. In June, his Twitter account was also suspended for several days, not long after he tweeted a thread of his findings on RaidForums, a database breach forum and marketplace used by hackers. Specifically, Aprianto noticed that a user with the handle hojatking claimed to offer access to modify, add, or remove personnel information in the Indonesian police force’s database.

The tweet attracted local media attention and Aprianto was questioned by the police on this matter. It didn’t take long to resolve the issue, and Aprianto moved on with his life.

Or so he thought.

“I realized that my tweets and critiques had been a bit too harsh lately and they might bother and annoy some people,” the hacker said. When asked about who might have filed complaints that would lead to his account’s suspensions, Aprianto didn’t point any fingers, but he did say that he is concerned that some people have become the subjects of controversy after they posted controversial tweets. “I think this kind of problem has been quite common in Indonesia lately, so it looks like we now live in this era [where speech is restricted].”

Twitter may suspend accounts for several reasons. Most commonly, the company removes access to accounts that violate its community guidelines, such as by disseminating content related to terrorism, child exploitation, the glorification of violence, or the sale of illegal or regulated goods and services.

In addition, government and law enforcement agencies in any country may file requests or legal demands to ban certain content or specific accounts. Twitter and Facebook issue transparency reports regularly, showing the number of requests they receive from state entities to remove posts.

According to Twitter’s transparency removal requests from July to December 2019, the platform received five demands from Indonesian authorities, which cited an unusually large number of registered users in each request, totaling 42,550 accounts. Twitter determined that roughly 90% of the reported content did not violate its terms of service.

kr asia community

Read this: ‘This is just a warning from me’ | How Grab and Gojek are utilized to intimidate activists in Indonesia

“From the report, we can see that the government sends out requests quite often,” Damar Juniarto, executive director of Safenet, told KrASIA. Safenet, or the Southeast Asia Freedom of Expression Network, is an official partner of Twitter, Google, and Facebook in Indonesia, where it advises these companies and monitors digital rights violations.

Juniarto said he himself was included in a government request for content removal two years ago. He immediately appealed to Twitter and managed to save his account.

Safenet communicates with Twitter, Google, and Facebook to ensure that all parties agree on how to navigate government requests to take down content or accounts: they must adhere to the UN’s Declaration of Human Rights, specifically regarding freedom of speech. “We certainly hope that the platforms remain neutral, are not influenced by political pressure, and stick to these international references. If there is a special request because someone is considered a traitor and endangers the country, for example, it must be proven through the court,” Juniarto said.

Responding to KrASIA’s inquiries, Twitter said that it will take direct action if it is made aware of cases where accounts are compromised by malicious parties. The platform said the most effective way to prevent users’ accounts from being hacked is to activate two-factor authentication and password reset verification. The company referred to its Twitter Rules for descriptions of circumstances that may lead to account suspensions. Repeated violations of the rules may lead to permanent suspension.

Increasingly frequent cyber attacks targeting activists and journalists

Some of Indonesia’s activists and journalists have had problems with their social media accounts recently. In July, Indonesia Corruption Watch reported that someone had attempted to hack their Instagram and Telegram accounts. A few days ago, the Twitter account of an epidemiologist named Pandu Riono was hacked and suspended after he criticized the government’s handling of the COVID-19 pandemic. News websites Tempo.co and Tirto.id have also fallen victims to hacks earlier this month, not long after they published reports that included criticisms of government policies.

Safenet has evaluated these incidents and determined that they can be categorized as targeted cyber threats, which refer to continuous efforts to infiltrate network devices and infrastructure. The organization recorded at least 29 targeted cyber attacks this year. Six of them happened in August.

“We found these threats targeting risk groups such as journalists, academics, anti-corruption activists, human right defenders, and so forth. These attacks are motivated by political goals and usually get more rampant when there are hot issues happening, such as the controversy of the omnibus law draft and the current COVID-19 crisis,” Safenet’s Juniarto said, adding that social media hacks are the most common type of attack. The omnibus bill was drafted by the Indonesian government to regulate multiple business sectors. Proponents say the law would make it easier to do business in Indonesia and attract higher levels of foreign investment. However, critics say it undermines workers’ rights.

Read this: Tokopedia rolls out fintech lending service amid data breach investigation

The perpetrators behind these violations are likely those who are offended or even impacted by the victims’ criticism. Safenet “strongly condemns” the proliferation of politically motivated digital intrusions that impact the personal safety of activists and journalists. Unfortunately, such cases are not seen as a priority for the authorities, said Juniarto, whose organization has accompanied the victims to report these cases to the police. Investigations have proceeded very slowly.

Safenet also reported the cases to the national commission of human rights, since these incursions violate the victims’ freedom of speech.

“We communicate with the people’s representative council in commission III, which is responsible for the issues of human rights, law, and legislation, as well as security affairs. We also got in touch with the Indonesian ombudsman and national police commission, as we hope to find the solution to this problem. However, it seems that not everyone understands the danger of cyber attacks and how they can hurt the principle of democracy and fair governance,” Juniarto said.

Meanwhile, the IT ministry has asked the public and media outlets not to accuse the government of directing these hacks without citing hard evidence. In a discussion session with Tempo about “silencing criticism during the pandemic” on Thursday, the director-general of applications and information at the ministry, Semuel Abrijani Pangerapan, said that the government is open to helping to solve these cases by deploying its digital forensic experts, as long as victims report the complaint.

Most social media users, like Aprianto, believe that the platforms they log on to are places for open, direct, respectful discussions. “My intention [of using social media] is to educate people about the importance of protecting their data and privacy on the internet, and continuously remind companies and organizations to be optimal in protecting their users’ data,” the white hat hacker said.

“I hope the government will do something about these [cyber attacks] to ensure everyone has the opportunity to speak and express themselves through digital platforms.”

Note: This article was updated on September 2 to include a response from Twitter.

Khamila Mulia
Khamila Mulia
Khamila Mulia is a seasoned tech journalist of KrASIA based in Indonesia, covering the vibrant innovation ecosystem in Southeast Asia.
MORE FROM AUTHOR

Related Read