Hackers have defaced more than 12 government websites in Indonesia following the arrest of an alleged hacker in East Java this month. Analysts say weak security and strong solidarity among underground hacker networks are at the heart of the problem. In one of the world’s most social-media savvy countries, the online group ‘Anonymous Indonesia’ has been drawing attention in recent days.
In a matter of hours, the group brought down the websites of seven government ministries and that of the national police. Instead of the official pages, web users were greeted by a cloaked figure alongside the catchphrase: ‘No Army Can Stop an Idea.’ The coordinated hack is seen as retaliation for the arrest of 22-year-old Wildan Yani Ashari, who hacked the president’s website earlier in January.
A social media lecturer who focuses on underground online movements, Donny Bu, says solidarity among Indonesian hackers is strong. “Even if you don’t know the other hackers, if one of them is from the underground community, or an underground hacker is arrested and becomes quote unquote ‘famous,’ on the media, then the others, underground community, will use that issue to voice their statement,” he said. Anonymous Indonesia and its supporters have rallied against Wildan’s arrest on Twitter and other social media networks. They say it is unfair that Wildan faces up to five years in prison when corrupt officials regularly walk away with much lighter sentences.
An employee of an Internet cafe in East Java, the 22-year-old is being charged under the 2008 Information and Electronic Transaction Law. Although critics say the penalty for what is essentially a prank is too harsh, Indonesia’s Communications Minister Tifatul Sembiring said Wildan must be appropriately punished. “They [Indonesian online community] try to compare for the punishment for the corrupters and punishment for the hacker… It is a serious problem because, you know, if the policeman or the court not punish this guy maybe other hackers will try to do something that will disturb our Internet network,” he explained. The minister says there were 36.6 million incidents of hacking against the government in 2012. But cyber security analysts say that most of these incidents are cases of ‘online graffiti’, pranks committed by juveniles. Few are involved in more serious crimes such as e-commerce fraud, says cyber analyst Budi Rahardjo.
“Hacking in Indonesia is common, just like in other places in the world, mostly done by youngsters trying to establish themselves,” he added. “Most of them just hack websites just to show themselves but, other than that, they don’t do other harms.” Rahardjo admits that many government websites are not secure and are an easy target for low-skilled hackers. However, he says, these days you do not have to be a sophisticated programmer or skillful hacker to paralyze government websites. Communications Minister Tifatul Sembiring says he has a team working 24 hours a day to secure the firewalls of government sites.
People like [internet founder] Tim Berners-Lee argue that their idea of the internet is a place where people can interact and do so with freedom. Every time a group like Anonymous gets involved, people cringe because it’s self-defeating – these attacks are partly what these changes [the introduction of SOPA] are meant to reduce: the lawlessness of the internet. The attacks are being perpetrated by a collective of more than 5,000 internet users, apparently using more than 27,000 computers to set up a distributed denial of service (DDoS) attack.
In a DDoS attack, many users attempt to access the same website at the same time, hoping to crash the target website under the increased traffic load. But according to Dr Mark Gregory, such attacks are unlikely to cause any lasting damage. “The point of a distributed denial of service attack is that it’s going to work for a short period of time until the website’s defences kick in; defences such as blocking the IP address ranges where the attacks are coming from,” Dr Gregory said. “I imagine they [the Department of Justice, the FBI etc.] are more worried by being seen to be the target of the attack – that they’re the bad guys – than they are of the technical aspects of the attack.”
The Megaupload shutdown comes only a day after Wikipedia, reddit and several other websites staged a voluntary blackout to protest against the SOPA bills.
A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014. The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.
This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.) By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries. These attacks targeted administrative and customer data and, in some cases, financial data.