Indonesian Police Data Allegedly Leaked by Brazilian Hackers

Nusantara Pol - Indonesian Police's website was allegedly attacked by hackers from Brazil who previously also hacked the National Cyber and Crypto Agency (BSSN). The cyber crime group claimed that they have leaked 28,000 accounts and personal data.

The alleged data leak is known from a Twitter post by @son1x777, who is part of TheMx0nday hacker group. The same group also defaced Indonesian cyber security agency's website which store malware repository last October. As of Saturday (20/11/2021), the Twitter account had been suspended.

According to Cyberthreat.id, the hacker gained access through a subdomain, namely https://e-rehab.propam.polri.go.id/.

As reported by Kompas  on Friday (19/11/2021), the Directorate of Cybercrime from Criminal Investigation Agency of the Indonesian National Police is investigating the alleged hacking. 

Cyber security words cloud. (Photo: Pixabay)

Cybersecurity expert Pratama Persadha said that the leak was uploaded on Wednesday (17/11/2021) by the same hacker who previously had attacked BSSN's website.

Persadha also added that the hacker provided a download link which allegedly contained a sample of the leaked Indonesian Police personnel database. The hackers provided two files, namely polrileak.txt and polri.sql. The two files contains the same information and the size of each file is 10.27 MB.

"The file contains a lot of important information from personal data of police personnel, for example name, NRP (Main Registration Number), rank, place and date of birth, work unit, position, address, religion, blood type, ethnicity, email, and even phone number. This is clearly dangerous," he said.

Pratama Persadha, who is the chairman of the CISSReC (Communication & Information System Security Research Center) also told Kompas that the leaked data may also contains information related to violations committed by police personnel. He assumed that the attack is also a form of hacktivism and the group is looking for reputation in the community.

According to Persadha, the leaked police personnel database is still up for sale on the RaidForum under the account of "Stars12n".

Persadha elaborated that Indonesian Police had been hacked several times in the past. He also suggests the government to increase cyber security awareness among officials. Persadha also hopes that the upcoming Personal Data Protection Law could be powerful enough to improve personal data security management by private and state institutions.

Hacker Warfare Indonesia vs Brazil

The Brazilian hacker, son1x of the theMx0nday group was interviewed by Andi Nugroho, a journalist from Cyberthreat.id through Telegram (28/10/2021).

The hacker confirmed the BSSN hacking was a retaliation against Indonesian hackers, namely "Panataran" and Hacktivist of Garuda group. 

Son1x claimed to be a 16 year old and joined theMx0nday group since April 2021. The Brazilian hacker stated that he was able to gain access to the Indonesia's cyber security agency through exploits and installed a web shell as a backdoor.

The defaced National Cyber and Crypto Agency. (Photo: CISSReC)

The hacker gained access to the National Malware Center and claimed to also gain deeper access to other subnets connected to the hacked sub domain. However, the hacker stated that he did not steal or alter any data.

Son1x also confirmed that theMx0nday group also defaced Sebelas Maret University faculty of cultural studies' website. The hacker also advised the hacked institution to take cyber security seriously.

Meanwhile, on October 27, 2021, National Cyber and Crypto Agency (BSSN) issued a warning about the increased hacking activities on electronic systems in Indonesia. The agency has advised all institutions to implement anticipatory steps to prevent further attacks and increase vigilance.

The Directorate of Cybersecurity Operations of the BSSN detected indications of an increasing number of cyber attacks carried out by hacker groups that were indicated to be from Brazil. The group targets the electronic systems of various Ministries and Institutions, Military, Academic, and other sectors in Indonesia.