Indonesia is a country with a history of turbulence and cyber insecurity. In 2017 alone, the nation was hit by a series of major crises, including the imprisonment of Jakarta’s mayor for blasphemy against the Quran, the aggressive spread of ISIS throughout the provinces, and the arrest of Indonesian national Siti Aisyah in connection with the assassination of Kim Jong-nam. In addition to these incidents, the Wannacry attack hit two major hospitals in the country, endangering thousands of people’s lives and costing the global economy an estimated $8 billion.
Despite these challenges, Indonesia is poised to become a major global player, with the GDP predicted to reach $10.1 trillion by 2030, making it the world’s fourth-largest economy. This rapid growth will require significant investments in digital infrastructure, which will greatly increase the country’s attack surface.
Recent records show that Indonesia’s government and businesses have frequently been targeted by hackers, with motives ranging from hacktivism to cybercrime and even nation-state attacks. In this article, we provide an overview of some of the most significant cyber incidents in Indonesia.
2020
In 2020, Indonesian e-commerce marketplace Tokopedia suffered a cyber attack resulting in the theft of 15 million records. Also in 2020, a data breach in the Covid-19 test-and-trace mobile app potentially affected 1.3 million users.
2019
Ride-hailing app Gojek exposed major security flaws. In 2019, the Indonesian Universal Healthcare Program leaked social security data of 279 million people.
In February and March of 2019, the country’s electoral system was under attack before the general elections, with groups from China and Russia attempting to disrupt the process and influence the results by creating fake voter identities. Fake news was also spread on social media and instant messaging platforms, often playing on the society’s soft spot of nationalism. Although there were six deaths in violent protests following the election, there were no significant cybersecurity incidents associated with it.
In March 2019, Bukalapak, one of Indonesia’s leading e-commerce sites, confirmed that it had been hacked, along with several other companies, including YouthManual. Stolen information from Bukalapak was put up for sale on the dark web for $5,000, with 13 million accounts being compromised. YouthManual, meanwhile, had 1.12 million user accounts stolen, with information including names, emails, addresses, date of birth, and in some cases, profile pictures and phone numbers.
2018
In June 2018, a pro-Islamic State cyber group called United Cyber Caliphate (UCC) claimed responsibility for hacking 213 websites across Indonesia, South Korea, Thailand, and the Philippines. The attack was part of a broader effort that took down around 500 other websites, including social media profiles, via a DDoS attack.
2017
Finally, in May 2017, Indonesia was hit by the global Wannacry outbreak, with Dharmais Hospital and Universitas Jember being among the twelve organizations affected. Dharmais Hospital, Indonesia’s largest cancer hospital, was partially affected but was able to minimize the damage due to solid security practices and regular data backups. Jember University’s IT system was also hit, but the outbreak was isolated and dealt with before it caused significant damage.
Summary
Indonesia has faced significant cybersecurity challenges over the years, including attacks on its electoral system, e-commerce platforms, and even hospitals. With its economy rapidly growing and becoming more digital, it is likely that Indonesia will continue to be a target for cybercriminals and state-sponsored hackers.
To address these challenges, the government and businesses in Indonesia must prioritize cybersecurity and invest in the necessary infrastructure, training, and technology to protect themselves and their citizens. This includes improving their digital defenses and adopting best practices such as regularly backing up data, using strong passwords, and keeping software up to date.
If you are an Indonesian citizen or business owner, take steps to secure your digital assets and protect yourself from cyber threats. This includes regularly updating your software and security systems, using strong passwords and two-factor authentication, and being cautious about clicking on suspicious links or downloading attachments from unknown sources.
