I figured it was time to stop reeling from all of the news about what’s going on with the various Doge Data Disasters, and get back to what >Trace is all about: weird little finds.
Follow my main body of work on TheMoloch.com.
And one of the most interesting finds I’ve discovered in several days is that Indonesian targets have experienced a ridiculous number of alleged data leaks and breaches in the past four weeks. Over a hundred, if all of the claims can be believed (to be fair, I generally don’t).
Some of the biggest hits:
February 7th, Indonesian General Elections Commission (KPU) – Alleged Database Leak

This is huge if true, as it involves Indonesia’s commission responsible for overseeing elections. There could be severe implications for identity theft, voter security, and potential electoral interference.
The compromised data sample includes a significant amount of PII: photos, full names, addresses, phone numbers, regional IDs, maiden names, national ID numbers, place of birth, date of birth, age, gender, disability records, and more.
February 12th, Bank Indonesia – Alleged Database Leak

Bank Indonesia is the country’s central bank, making this a critical financial sector breach with potentially widespread economic implications.
This dataset includes a sample that contains highly sensitive PII: national ID numbers, family info, full names, birthplaces, birthdates, gender identifiers, addresses, religion, marital status, education level, occupation, and more. Everything you need for deep identity theft.
If this checks out, it poses a significant risk for identity theft, financial fraud, and targeted cyberattacks.
Also, in favor of this risk being real, the person who posted the data has been vetted within their community as being a high-quality source.
That said, Bank Indonesia has been breached in the past. It’s definitely within the realm of possibility that the data leaker is “padding” here.
February 7th, Bank Central Asia (BCA) – Alleged Sale of Database and Access

BCA is one of Indonesia’s largest private banks, meaning sensitive financial and customer data could be at risk. If it’s legit, it’ll impact both individuals and businesses.
The leaker claims to be selling both access and a database. The compromised data includes 890,000 accounts and 4.9 million databases.
It’s worth pointing out that the screenshot above shows that the (presumably illegitimately accessed) customer account was accessed nearly two years ago. This coincides with a previous BCA breach, and the claim of authenticity might be bullshit.
However, the dataset may not be old enough to be safe to ignore. That said, the person publishing the leak, like the previous one, has high community ratings indicating that they’re considered reliable.
February 7th, Mataram High Court – Alleged Database Leak

This court system breach exposes sensitive legal documents, case details, and PII.
The threat actor, TheSweetNight, claimed to have leaked an 8.1GB database from the court. Samples also contained national ID numbers, phone numbers, names, emails, and more. They stated that this is just a demo leak, with over 20GB of additional data up for sale on a Tor/dark web site.
So Wait, Why Indonesia?
I’ll try to keep this short, as I don’t want to get too bogged down in contextual analysis on what’s supposed to be a short-form blog.
Indonesia doesn’t have the greatest track record in the world when it comes to human rights. This includes in the digital domain. Since 2019, numerous civil society groups have accused the government of using cyber tactics to intimidate dissenters.
When a government engages in behavior like this, particularly one that is rapidly growing its digital footprint, it’s pretty much asking for retaliation from hacktivists and cybercriminals.
This isn’t to say that I endorse every criminal’s actions here. I don’t endorse it when hacktivists put civilians in the crossfire, and I certainly don’t endorse cybercriminals taking advantage of this for money. I’m just saying that I can understand it.
Either way, last year saw a number of massive data leak, ransomware, and other cyber incidents against Indonesian government, corporate, and financial entities.
Some Other Recent Examples:
- Brain Cipher Ransomware Incident
- Government E-Visa incident leaks data
- Indonesia’s tax agency probes alleged personal data breach
- Cyber attack compromised Indonesia data centre, ransom sought
When you have this much data flying around, you’d best expect there to be cascading cyber incidents coming from initial access, stolen passwords, or other connected events if you don’t get your cyber infrastructure on lock.