Hackers behind recent data breaches disclose their modus operandi and goals

Data breaches have been recurring events in Indonesia over the past few years, with the private data of millions of internet users being leaked again and again, whether from government institutions or private corporations.

The most recent breaches were revealed in an online forum called breached.to, where millions of data entries were either sold or distributed for free within a short span of under three weeks from Aug. 15 to 31.

“Indonesia's cybersecurity is really awful, I think it's run by 14-year-olds,” said Xerxes (a pseudonym), one of the hackers who claimed to come from Europe.

The 21-year-old hacker said he had cracked the security of an unknown trading and business-to-business (B2B) marketplace platform, from which he stole nearly 500,000 users’ data, and more than 1 million company user databases and documents.

Based on IBM’s Threat Intelligence Index 2022, ransomware accounted for 21 percent of total attacks in 2021 and Interpol ranked Indonesia first in Southeast Asia with 1.3 million cases of ransomware, according to the ASEAN Cyberthreat Assessment in 2021.

Xerxes revealed that he undertook the hacking of a few Indonesian companies (that he declined to disclose) last December and discovered the vulnerability by accident, from whence he managed to gain direct access to the Structured Query Language (SQL) of the sites.

Popular

Jokowi’s influence casts shadow on Prabowo administration

Indonesia issues permits for five Apple iPhone 16 models

Indonesia plans launch of forestry-based carbon offset trade soon