Cyber Pirate Hacks Indonesia’s Top Officials to Highlight Breaches
Officials stymied by mysterious figure
A cagy figure nicknamed Bjorka over the past month has been running the Indonesian government in circles, hacking and disseminating millions of items of personal information, some from the country’s most senior officials and including correspondence purported to be to President Joko Widodo from his intelligence agency, and saying the government is made up of idiots. The palace and the agency denied the claims.
The government has responded by setting up a special task force to clean up the country’s shambolic data protection system and under the pressure the House of Representatives has moved on a long-stalled data protection bill, while continuing to be ridiculed by the hacker.
At one point, the police arrested a 21-year-old iced tea drinks seller with the initials MAH who was suspected of being Bjorka. However, it turned out that MAH, who has no hacking skills, was only the owner of a channel that Bjorka bought to upload his content. He admitted to selling his account to the hacker for US$100, paid in bitcoin.
Bjorka, who claims to live in Warsaw, Poland, began to attract media attention at the end of August after uploading and trading millions of Indonesian citizens’ data entries on the online forum “breached.co” The data include 91 million Tokopedia customer entries, 270 million Wattpad social media users, 26 million Indihome users, 1.3 billion SIM Card registrations, and data on 105 million voters from the General Elections Commission (KPU).
A growing number of social media users, especially on Twitter, support Bjorka's actions for calling attention to the fact that Indonesia is among the world’s top 10 countries for data leak cases, with relevant authorities considered incompetent to handle the thefts.
Semuel Abrijani Pangerapan, a spokesperson for the Directorate General of Informatics Applications of the Ministry of Communication and Information (Kominfo) made matters worse by telling reporters the hackers are harmless, because "if possible (they) do not attack because it will harm the community."
That response provoked scorn from Bjorka and social media users, who called it shallow and hardly reflecting an authority with the power and dignity to fight crime.
"Stop being an idiot," Bjorka responded to Kominfo on Breached.to.
Bjorka has expanded his presence on Telegram and Twitter, attracting attention especially among young social media users. For each of his channels, he uses a profile photo of music covers by the Islandic musician Bjork. He wrote "Yea, catch me if you can" in the caption of his Twitter profile @bjorkanism, which has now been suspended.
"This country has been run arbitrarily for far too long and without any opposition,” he tweeted before his account was suspended. “Those who are criticized are permanently removed in the wrong way. Various ways have been done, including the correct way. Did it work? So I choose to be a martyr to make a change by slapping their face."
On his social media channels, Bjorka “doxed” a number of public officials, uploading mobile phone numbers, addresses, and vaccination status. The officials included the Minister of Communication and Information Johnny G. Plate, the chairman of the House of Representatives Puan Maharani, the governor of Jakarta Anies Baswedan, and the Coordinating Minister for Maritime Affairs and Investment, Luhut Binsar Pandjaitan.
Bjorka also shared personal information about Muchdi PR, a former military officer and now a politician, who is suspected of being the mastermind behind the murder of human rights activist Munir Said Thalib. Muchdi was brought before the court for his role in the murder case but was acquitted.
"I just wanted to point out how easy it is for me to get into various doors due to a terrible data protection policy,” he tweeted, “primarily if it is managed by the government. I have a good Indonesian friend in Warsaw, and he told me a lot about how messed up Indonesia is. I did this for him."
Bjorka’s appearance has sparked pros and cons among Twitter users. Some suspect that his or her appearance is only an attempt by unknown parties as a diversion from important issues bedeviling the government. But for those who are fed up with official performance regarding the protection of public data, support for Bjorka, whoever it is, is satisfaction in itself. According to data from cybersecurity company Surfshark, 1.04 million accounts experienced data leaks in Indonesia during the second quarter of 2022, up 143 percent from the first quarter, ranking Indonesia ranked eighth in terms of the number of global cyberattacks and ranking it first in Southeast Asia.
TRANSLATION: What #Bjorka did 'wrong under the law?' So why do so many people want #bjorkanism to be the winner? In fact, many are 'sick' of seeing 'authority' (government) so that (the public) justifies and supports #Bjorka even in the wrong way.
In the midst of Bjorka's attacks and public ridicule, Jokowi formed a special team to address the data leak claims, racing against hackers who are increasingly able to steal massive amounts of public data. Many were disappointed by the government's attitude which only acted after the personal data of state officials was breached and shared.
The House of Representatives also finally moved to ratify the Personal Data Protection Bill which has been discussed since 2020. This new rule is expected to be a shield for the public, government and private sector from theft and misuse of personal data. Some of the things regulated in the Act are the imposition of fines on data management institutions that experience data leakage, as well as selling or buying personal data which can be punished with five years or a fine of Rp50 billion.
Coordinating Minister for Political, Legal and Human Rights Mahfud MD recently said the police know Bjorka’s identity and are hunting for him. Bjorka, Mahfud said, had a political motive, to show that the government was weak. Mahfud said no state secrets had been leaked, because all the data that the hackers shared was available on the internet.
Through breached.co, Bjorka sneered at the police for having wrongly arrested people after receiving misinformation from the dark web intelligence platform DarkTracer. He also claimed to have received information from someone who works in the state palace that Plate, the Minister of Communications and Informatics, would be removed by Jokowi.
"Make sure the replacement is a tech-savvy person, not an idiot from the party, politician, or armed force, because all of that will be for nothing," he wrote.