Bjorka, the Online Hacker Trying To Take Down the Indonesian Government


The nation’s cyber defenses have glaring holes that the as-yet-unidentified perpetrator has brought to light through a string of high-profile intrusions.

When news of a sizable data leak first appeared at the beginning of September, Indonesia learned about the hacker now known as Bjorka for the first time.

On a dark web online market, over 1.3 billion SIM card registration credentials were stolen and put up for sale. The legislative change in 2017 that mandated that everyone using an Indonesian SIM card register it in their name using their identity card, known as a KTP, and their family card, known as a KK, led to the collection of the data in part.

The story might not have gotten much attention if the leaks had stopped there or if Bjorka, who appear to have borrowed their name from the Icelandic musician Bjork, had posted more online information that appeared to be done only for financial gain. However, Bjorka has developed something of a cult following online in the weeks following the data release thanks to an unusual personal history and a string of disagreements with the increasingly irate Indonesian government.

“I just wanted to point out how easy it is for me to get into various doors due to a terrible data protection policy. Primarily if it is managed by the government,” Bjorka posted on Twitter on September 10, using the now-suspended account @Bjorkanism.

The hacker wasn’t wrong.

According to research analyst Uday Bakhshi, “the case highlights severe shortcomings in Indonesia’s overall approach to cybersecurity over the years, in addition to the obvious issues regarding what data Bjorka actually owns and how the leaks occurred.”

Attacks typically target the public, corporations, and government. Important ministers shouldn’t be defending the Bjorka leaks, he continued.

The Indonesian government attempted to minimize Bjorka’s hacking efforts in the days following the initial SIM card data leak, and Semuel Abrijani Pangerapan, the director general of informatics applications at the Ministry of Communication and Information, made an effort to reason with any would-be hackers.

“If you can, don’t attack. Every time data is leaked, the people lose out, because that’s illegal access,” Pangerapan said at a press conference on September 5.  “If you want to embarrass the government, find other ways to do it.”

Bjorka’s reply was succinct: “My message to the Indonesian government: Stop being an idiot.”

 

Fact or Fiction?

Despite many account suspensions, Bjorka has continued to post content on Twitter, doxxing a number of Indonesian politicians and ministers while also making fun of others, such as the speaker of the parliament, Puan Maharani, and the minister of state-owned enterprises, Erick Thohir.

Bjorka has criticized politicians for, among other things, the rising cost of petrol, which has sparked demonstrations across the nation. This has given the mysterious person a sort of Robin Hood status as a stand-in for the people holding the government accountable, especially after they threatened to release a database of information about Pertamina, the state-owned oil and gas company of Indonesia, that was likely obtained through hacking.

Despite many account suspensions, Bjorka has continued to post content on Twitter, doxxing a number of Indonesian politicians and ministers while also making fun of others, such as the speaker of the parliament, Puan Maharani, and the minister of state-owned enterprises, Erick Thohir.

Bjorka has criticized politicians for, among other things, the rising cost of petrol, which has sparked demonstrations across the nation. This has given the mysterious person a sort of Robin Hood status as a stand-in for the people holding the government accountable, especially after they threatened to release a database of information about Pertamina, the state-owned oil and gas company of Indonesia, that was likely obtained through hacking.

“I did this for him,” Bjorka added of his recent data leaks.

Bjorka also said that their “friend” had left Indonesia as a result of the “1965 policy”—an apparent allusion to the anti-communist purges of 1965 and 1966, which caused tens of thousands of intellectuals, academics, activists, and political figures to flee the nation after mass executions of people thought to be sympathizers with the communist cause. According to estimates, between 500,000 and 1 million individuals perished during the anti-communist purges.

Although impossible to confirm, this interesting backstory gave Bjorka’s most recent hacks a decidedly political flavor.

Analysts told The Diplomat that in addition to the online mischief, Bjorka’s antics also bring to light the more serious issue of Indonesia’s lack of cybersecurity readiness.

By demonstrating how “easy” it is to access personal data across databases, Bjorka has exposed the weaknesses in our data protection mechanism and laws, according to Beltsazar Krisetya, a researcher at the Department of Politics and Social Change at the Centre for Strategic and International Studies who specializes in cybersecurity issues.

“What the government has done in response to the attack, ironically, exposes such vulnerabilities even further.”


RELATED: Deadline Looms for Indonesia’s Harsh New Internet Content Restrictions

https://thediplomat.com/2022/07/deadline-looms-for-indonesias-harsh-new-internet-content-restrictions/


The National Cyber and Crypto Agency (BSSN), the Ministry of Communication and Information (Kominfo), the Indonesian National Police (Polri), and the Indonesian Intelligence Agency (BIN) have been assembled as a data protection task force by the government, which Krisetya claimed went against the very purpose of the agency’s establishment in 2017—to eliminate duplication of authority among government institutions handling cybersecurity issues.

He continued, “The government’s decision to establish yet another authority demonstrates how disjointed our cybersecurity governance is and that none of the existing organizations has the coordinating capacity to respond to cyber incidents.

When contacted by The Diplomat regarding the matter, a spokeswoman for the President’s Office declined to comment.

History of Threats 

Hacking, cybercrime, and data leaks are problems that Indonesia has long faced.

According to Gatria Priyandita, an analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre, this isn’t Indonesia’s first or last significant data leak. In the end, the government must set an example by guaranteeing that its own cybersecurity infrastructure is capable of protecting the data of regular Indonesians.

Data from more than 17 million State Electricity Company (PLN) consumers was published online at the end of August, and earlier in the same month, private records from more than 21,000 Indonesian companies were also released.

In 2020, 91 million Tokopedia customers’ personal information was sold online, and the following year, hackers obtained the social security numbers of 279 million people.

Many people have complained throughout the years about the Personal Data Protection Bill, a piece of legislation that sat in parliament from 2016 to 2022 and was intended to protect the data of Indonesian individuals.

In response to the recent disclosures, a bill was quickly enacted on Tuesday making it possible for anyone abusing data to face up to six years in prison.

Additionally, a two-year transitional period will be in place until the new law comes into force.

Research analyst Bakhshi said, “The law should not, however, be the only safeguard against cybersecurity threats; there needs to be better awareness and a shift in attitudes, among other measures. The government pushed through the Personal Data Protection Bill, but it should have been approved years ago, not in response to Bjorka.”

Krisetya concurred, telling The Diplomat that bad actors could use leaked personal information, such as names, phone numbers, and dates of birth, for online fraud, harassment, abuse, or even cyberterrorism. She urged the government to take more proactive measures to address these potential consequences.

The government’s resources “appears to be directed towards apprehending Bjorka, instead of addressing our vulnerabilities,” he continued, adding that current objectives may seem out of touch.

On its side, the government has detained a suspect in the matter, a vendor of iced beverages from Madiun, East Java.

The family doesn’t have a laptop or home internet, the man’s mother claims, but authorities last week accused Muhammad Agung Hidayatullah, 21, of assisting Bjorka in setting up a Telegram channel. This development has only heightened public interest in the matter as Hidayatullah has now acknowledged that he sold his Telegram channel to Bjorka or his administrators but denies being a member of the hacker’s “team.”

It is unclear whether the hacker known as Bjorka is an Indonesian national or even whether they are in the nation, which might provide a problem if the police want to prosecute them. This uncertainty has added to the commotion around the case.

Kosman Samosir, a lecturer in international law at Santo Thomas Catholic University in Medan, claimed that the real question at hand was one of jurisdiction. If Bjorka is outside of the country, they would need to be extradited to Indonesia, which is a difficult process.

Any requests for extradition would rely on whether Bjorka was living in a nation with which Indonesia had an extradition agreement and whether Indonesian authorities could establish a solid case against them to justify any such request.

Last Wednesday, Mahfud MD, the Coordinating Minister for Legal, Political, and Security Affairs, stated that the authorities are making great efforts to identify the hacker and are exploring a number of legitimate leads in the case. Bjorka called this remark “total crap” on social media.

In light of recent events, analyst Priyandita stated: “The government’s failure to preserve the billions of data allegedly exposed in the Bjorka assaults demonstrate the lack of interest and political will in the data security of ordinary Indonesians.”

The government’s response to dangers in cyberspace has so far shown how receptive the government has been to them.


REFERENCES:

By: Miss Cherry May Timbol – Independent Reporter

You can support my work directly on Patreon or Paypal
http://patreon.com/cherrymtimbol
http://Paypal.Me/cherrymtimbol
Contact by mail: cherrymtimbol@newscats.org
Contact by mail: timbolcherrymay@gmail.com

 

100% Data Tampering

Ad