T

he nation’s financial institutions and telecommunications operators are prime targets for hackers seeking fame or looking for financial or political gain, according to local web security experts.

The Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) said it detected 50 million “suspicious security incidents” last year.

Remote file inclusions (FRI) were the most common form of attack, peaking in August with 300,000 detected attacks, ID-SIRTII said.

FRIs exploit a common vulnerability on websites when a file, remotely placed on the web server through a script, is used to enable denial of service (DoS) attacks or data theft.

Muhammad Salahuddien, the vice chairman of ID-SIRTII, said that banks were among the most vulnerable companies, with more than 11,000 incidents identified last year.

Banks have always been reluctant to reveal losses suffered by cyber attacks and might have lost ”hundreds of billions of rupiah,” Salahuddien said.

The deadliest form of attack in the cyber world, according to Salahuddien, was a distributed denial of service (DDoS) attack, in which a computer system was flooded with data, forcing it to exceed its maximum memory and processor capacity, thus overloading and effectively crippling the system.

“This is also the toughest form of attack to counter.”

Meanwhile, Andrew Ong, the regional sales manager for IT solution provider Radware, said that DDoS attacks could cause websites to become inaccessible, denying service to those who needed it.

“Websites providing Internet banking services could be disrupted if a DDoS attack has been carried out against it,” Andrew said, adding that financial institutions and telecommunication companies were popular targets for hackers.

For example, he said, the Malaysian stock exchange suffered a DDoS attack of its website in February, causing access problems, while the websites of Visa and Mastercard were also similarly attacked in 2010 by hackers reportedly supporting Wikileaks, which said that the credit card companies had unfairly declined to process its payments.

Andrew added that the DDoS attacks could be also used as a “smoke screen”. While those under attack were “busy scrambling” to contain the attack, hackers could insert other viruses into the system.

“And that’s when they start stealing information,” Andrew told The Jakarta Post.

According to ID-SIRTII’s report, there were over 1,000 detected denial of service (DOS) attacks last year.

Andrew added that telecommunication operators “see all forms of attacks” because all Internet traffic had to go through the operators’ bandwidth.

“Even if the attackers are targeting a specific end-user, this [attacker] also has to go through the telecommunication operators.”

Andrew added that data centers were generally able to block attacks but lacked the ability to track down their source.

“A lot of people are still on the learning curve of the security needs of infrastructure, in terms of what are the highest security threats,” he said.

A survey released by Symantec in 2011 said that 45 percent of 100 Indonesian company executives said industrial espionage was their main security concern, followed by security breaches by well-meaning insiders (42 percent) and those perpetrated by malicious insiders (42 percent).

Meanwhile, a report compiled by Pricewaterhouse Cooper Indonesia on perceived fraud risks in 2011 said that 29 percent of bankers surveyed were concerned about identity fraud or theft while 25 percent were most worried about internal collusion (25 percent).