Ransomware on Indonesian PDNS (Indonesia Temporary National Data Center)

pantaiema

https://www.cnnindonesia.com/teknol...Z3YTEE9sCp2p5b62CU_aem_4MXup49w9nK1nY8yPJ_M0w PDNS Data Leak Facts, Mastermind and Ransom Amount

https://nasional.kompas.com/read/20...k-akan-bayar-permintaan-tebusan-8-juta-dollar Minister of Communication and Information: Government Will Not Pay Ransom Demand of 8 Million Dollars from PDN Hackers

Good to know. What will they do to prevent this from happening in the future? Have the people responsible for maintaining this data center been held accountable?
 
The wonders of the internet and fantastic computers are looking more and more like a swamp. Step in at your peril.
 
I took a look at the ransomware group - they have attacked a bunch of targets all over the world.
I'd be willing to bet they get in with infected emails to idiots without the common sense not to open them.
 
I took a look at the ransomware group - they have attacked a bunch of targets all over the world.
I'd be willing to bet they get in with infected emails to idiots without the common sense not to open them.
"Idiots".... Mmmm never in your professional life you opened an attachment in an email?
Never downloaded any update to some program or application?
 
"Idiots".... Mmmm never in your professional life you opened an attachment in an email?
Never downloaded any update to some program or application?
They immediately blamed it on a temp worker. Seems to always move blame down the ladder. The fact that Indonesia sucks at securing their systems has nothing to do with it. Leave your car door open with keys in the ignition and when it gets stolen, blame the cat.
 
"Idiots".... Mmmm never in your professional life you opened an attachment in an email?
Never downloaded any update to some program or application?
All cyber security experts know that the weakest link in security is ... the employees.
Responsibilities are split between the cloud service customer (i.e. the owner of the data in the primary process) and the cloud service provider.

Check ISO 27017 "Code of practice for information security control".

Introduction
The guidelines contained within this Recommendation | International Standard are in addition to and complement the guidelines given in ISO/IEC 27002.
Specifically, this Recommendation | International Standard provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers. Some guidelines are for cloud service customers who implement the controls, and others are for cloud service providers to support the implementation of those controls. The selection of appropriate information security controls and the application of the implementation guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloud-sector specific information security requirements. ......
 
All cyber security experts know that the weakest link in security is ... the employees.
Responsibilities are split between the cloud service customer (i.e. the owner of the data in the primary process) and the cloud service provider.

Check ISO 27017 "Code of practice for information security control".

Introduction
The guidelines contained within this Recommendation | International Standard are in addition to and complement the guidelines given in ISO/IEC 27002.
Specifically, this Recommendation | International Standard provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers. Some guidelines are for cloud service customers who implement the controls, and others are for cloud service providers to support the implementation of those controls. The selection of appropriate information security controls and the application of the implementation guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloud-sector specific information security requirements. ......
But you didn't answer the question ....
 
But you didn't answer the question ....
In an "IT-management controlled environment", like a government organization, employees cannot or are not allowed to download apps or click on unsafe links ... however this still happens.
 
Of course you can’t solely blame the staff and employees.

Now it seems the backup & recovery solutions are very diverse and not standardized, depending on ministry, department and even system.

And that in a country that loves formal processes and where SOP’s (Standar Operasional Prosedur 🙄 they call it here) are a big trend.
 
"Idiots".... Mmmm never in your professional life you opened an attachment in an email?
Never downloaded any update to some program or application?
For the email - Once with bad results.
I downloaded a duff attachment that messed me up until I got rid of it. The thing loaded a virus but it was a piss poor job I managed to clear after visiting a few anti-hacker sites.
I make mistakes, but I try not to make the same one twice.

For the updates - Never.
My computers and phones are tools. That means they get apps they need to do my work, but nothing else.
I have a PC just for work. It has Chrome for the internet, and a legal version of PowerPoint so I can make presentations. I have audio and video editors, and Coreldraw, but nothing else.
My office uses Google's suite of tools so everything else is on Chromebooks for speed and ease. I have to use PowerPoint as presentations commonly have audio and video components, but I can't guarantee stable internet so Google Slides presentations don't always work offline.
Updates aren't an issue if you don't download dodgy software.

My personal stuff gets what I need and nothing else. Most of the apps on those machines are Google or very well known apps that are considered safe. No games, no porn, and no gambling.
I don't mix work and personal machines so there is no crossover at all.
I can't access personal files from my work computers, nor can I access work on my personal devices.

That means I carry two phones, both Samsung S series. A slight downside, but not a major one. Having the S21 for work means I can pop it onto a monitor and have a full desktop (DeX) if I need to access work files from home. The same goes in reverse at work. If I need to send a personal email or whatever, I can pop my S22 onto my desk monitor and I have desktop access to all my personal stuff.
 
Of course you can’t solely blame the staff and employees.
Partially, but most is likely down to lax standards. If you don't regulate or provide the required equipment, you will always leave yourself open to problems.
I read some of the hacked files from that hacker forum that became famous for a while. Most of the hacks on there were allowed by poor security. Passwords like '12345678' and 'password' were commonplace in big organisations.
The employees were clearly stupid, but the bosses didn't do anything about it.
 
If you have a bookkeeper or clerk working with a system, that person will never have (database or system) administrator access rights.

We had a young dude once working in our sys admin department, working overtime. With all training and SOP’s in place, he did not see anything wrong with giving access to his remote friends to play some games….
 
If you have a bookkeeper or clerk working with a system, that person will never have (database or system) administrator access rights.

We had a young dude once working in our sys admin department, working overtime. With all training and SOP’s in place, he did not see anything wrong with giving access to his remote friends to play some games….
That's why there should be no mixing between personal and work systems.
 
Of course you can’t solely blame the staff and employees.

Now it seems the backup & recovery solutions are very diverse and not standardized, depending on ministry, department and even system.

And that in a country that loves formal processes and where SOP’s (Standar Operasional Prosedur 🙄 they call it here) are a big trend.
This datacenter, as far as I understand, is a temporary datacenter. Whatever that means.
I think they chose the cheapest backup/recovery solution: active-passive, meaning when the active datacenter gets compromised, they partially have to manually get the systems and datasets online.
 
Glad there is still a person who wants to come forward criticizing with this mentality
https://nasional.kompas.com/read/20...nggung-jawab-penuh-atas-peretasan-pdn-anggota Regretting that no party is fully responsible for the PDN hack, DPR members: This is a matter of the mentality of our officials... Kompas.com - 06/29/2024

However, criticism alone does not work in Indonesia. There needs to be further action to publicly identify and shame those responsible, followed by them getting sacked.
 
Long time ago .. when designing a datacenter infrastructure for the Dutch government, we said "one datacenter is no datacenter. Two datacenters is one datacenter". So we created 4 government datacenters. All being synchronized mirrored to one another.

This was finished in 2018.

Not backing up the datasets is indeed stupid.

However, the hackers were able to enter the systems, because someone in one of the government offices opened a mail and clicked on a link. So, a virus infected the system and the hackers penetrated the authorization applications with passwords etc.
 
Not backing up the datasets is indeed stupid.


"Ketua Komisi I DPR Meutya Hafid menyentil pemerintah bahwa persoalan atas tidak adanya back up data sistem pusat data nasional (PDN) yang diretas bukanlah masalah tata kelola, melainkan kebodohan"

"Chairman of Commission I of the DPR, Meutya Hafid, criticized the government that the problem of NOT HAVING BACK UP on PDN which was hacked was not a problem of governance, but rather stupidity!"

Not having a backup for a national data center is indeed stupidity. However, it could also be due to the fact that resources meant for this purpose have been diverted to other uses, who knows.
 
It seems the hackers are feeling sorry and promised to provide the key 🫤
 
It seems the hackers are feeling sorry and promised to provide the key 🫤
It's supposed to have been uploaded but that makes no sense.
It shows extreme weakness and that means others are just going to wait them out.

Either it's untrue, or there's something we aren't being told.
 
