Indonesian government blocks hacking forum after data leak
The Indonesian government has blocked access inside its borders to Raid Forums, a well-known cybercrime hub, in an attempt to limit the spread of a sensitive data leak.
The ban, which the government wants internet service providers to implement, comes after a threat actor claimed in a Raid Forums post on May 12 to be in possession of, and to be selling, the personal data of 279 million Indonesians.
The threat actor, an individual known as Kotz, leaked a sample of one million citizens' details to prove their claims.
The leaked data included citizen names, national ID numbers, tax registration information, and mobile phone numbers; for some citizens, it also included headshots and salary-related information.
And here we go. Full data of the entire country’s population. Including salaries and data of dead people. Personal data protec whaaaaaaat?? pic.twitter.com/yZpWp6xTe8
— Nuice Media (@nuicemedia) May 20, 2021
Although the data was deemed to contain some outdated information, along with the details of deceased persons (hence the total number of 279 million being larger than Indonesia's current census of 273 million citizens), local Indonesian reporters found the data to be authentic.
The Indonesian government confirmed the leak's authenticity last week in a press release from the Communications and Information Ministry (Kominfo).
The agency confirmed that a random check of the one million sample found authentic data, and it started an investigation together with the National Cyber and Crypto Agency (BSSN) and the Social Security Administrator for Health (BPJS).
Officials appear to believe the data might have originated from the BPJS, but this has yet to be confirmed.
In the meantime, the government ordered ISPs to block access to the Raid Forums site, as well as to the bayfiles.com, mega.nz, and anonfiles.com URLs where the sample data was hosted and offered for download.
Nonetheless, the decision to ban access to the site and the download links was widely ridiculed last week, as the government's DNS-based blocklist can be easily circumvented with something as simple as a proxy or VPN application.
Kominfo has blocked Raid Forums to prevent future uploads and sharing of Indonesian consumer or user data.
Have they not heard of TOR browser and VPN? Also, as if that’s going to stop the actual breaches and the leaks. pic.twitter.com/38gVPjyClD
— Nuice Media (@nuicemedia) May 22, 2021
Meanwhile, the forum post advertising the Indonesian citizen database was deleted last week, shortly after the government's ban. It is unclear if the topic was deleted by Kotz or the forum's administrators.
But while Jakarta officials appear to have confirmed the leak, rumors and clues of a massive Indonesian government hack have been circulating since early 2020.
At the time, another threat actor leaked the details of 2.3 million Indonesian voters and similarly claimed to be in possession of a database containing the personal records of more than 200 million Indonesians. The General Election Commission (KPU) confirmed the authenticity of the 2.3 million sample, which it traced back to 2013, but did not confirm the larger breach.
Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.