Indonesia’s meteoric rise to become the world’s largest source of cyber attacks has raised concerns over diplomacy and online security in one of the world’s fastest-growing Internet markets.
“We have… concerns,” said Gatot Dewa Broto, spokesman for the Ministry of Communication and Information. “Almost every day Indonesia gets 1,225,000 attacks coming not from outside, but from inside Indonesia.”
Indonesia’s rise to surpass China as the leading root of online attacks has startled observers. One year ago the nation was a relative unknown, responsible for only 0.7 percent of recorded attacks. Six months later Indonesia sprinted past China as the leading source of cyber attacks, according to a report by the US-based Akamai Technologies.
It is now responsible for 38 percent of the world’s malicious traffic.
The reasons behind the growth are under debate, but the implications of a dramatic increase in online attacks have some officials worried.
"There are some [signs] that in the future the hacking is going to be higher," Ministry of Defense spokesman Brig. Gen. Sisriadi Iskandar said. "It is [currently] very huge. I know from the Ministry of Communication and Information that last year... [the ministry] was attacked, like, 13 million times. I am not surprised."
Cyber security is notoriously weak in Indonesia, according to several experts. The second-highest cause of the 1.2 million daily attacks recorded by the government is attempts at data theft. Network-heavy industries, such as oil and gas, are most susceptible to data phishing attempts.
The defense ministry is concerned enough about online threats to mull the creation of a “cyber army” to safeguard the nation’s military infrastructure.
“The Indonesian armed forces are more network-centric now because of all of the modern weaponry,” Sisriadi said. “We have to have a system that can secure the network. The cyber army would be for the armed forces.”
Domestic hackers, global reach?
The nation’s “hacktivist” community has become increasingly bold, launching thousands-strong “cyber operations” against foreign governments and prompting calls for calm from Indonesian officials worried about diplomatic repercussions.
“[Official online security experts] tried to cool down all the hackers in Indonesia [before], saying ‘Yes, we understand that our nationality is very important… but it is a problem if we extremely attack Malaysia,’” Gatot said. “If Malaysian hackers attack us, it is a huge problem because the infrastructure in Indonesia is less [advanced] than the infrastructure in Malaysia.”
Online activists have defaced or temporarily shut down government websites in Egypt, Indonesia, Israel, Malaysia and Myanmar in recent months in a series of operations carried out in the name of Islam and nationalism. Indonesian hacktivists say they are waging a cyber war for human rights, targeting offending nations in visible, but often-unreported digital protests.
“We defend the dignity of our motherland” said Rio, a self-described “IT lover,” with the activist group Indonesian Fighter Cyber.
The November 2012 alleged rape of Indonesian migrant workers by Malaysian police sparked outrage online. Thousands of Indonesian hackers, including Rio, launched a series of defacement and denial of service attacks on Malaysian sites in an operation dubbed “Defending the ‘Foreign Currency Heroes.’” Several government websites were temporarily knocked offline and “thousands” of personal websites were defaced in protest, Rio said.
Similar actions were launched against websites in Myanmar over the deaths of Rohingya Muslims and in Egypt following the shooting of pro-Morsi demonstrators by the Egyptian military, Rio said. Websites were defaced, servers were knocked offline and sensitive government data was copied in several of the operations, the hackers said.
“During the aforementioned ‘operations,’ we attacked all servers of target countries simultaneously in a coordinated, scheduled [attack] to cripple the Internet access, or to at least play havoc with it,” said Tomomi, of the “Internet activist” group Team Pocong. “Those attacks are basically a form of protest.”
In Indonesia, the arrest of a hacker charged with defacing President Susilo Bambang Yudhoyono’s official website set off a wave of attacks on government websites in a protest that exposed how vulnerable the nation was to cyber attacks.
Online protests remain the largest source of cyber attacks in Indonesia, according to the government Computer Security Incident Response Team (CSIRT). But Indonesian officials see little to concern in attacks. A hacktivist's main purpose is often the defacement of a government website, something that amounts to, in the words of one expert, little more than “digital graffiti.”
“It is a concern, but from a social-economic perspective, it doesn’t really matter,” said Kim Andreasson, managing director at DAKA Advisory, a Swedish-based consulting group that authored a recent report on Indonesia’s cyber security.
Or a proxy pandemic?
The sudden spike in malicious traffic from Indonesian servers is evidence of a larger problem, Andreasson said: the widespread proliferation of computer viruses like malware.
The surge in cyber attacks has far outpaced the growth of hardware in Indonesia, pointing to a dramatic increase in infected computers, not hackers.
Internet access bloomed to reach 63 million people in 2012, as the market grew 24.4 percent, according to the Internet Service Providers Association (APJII). It's the second-fastest growing Internet market in the world, according to a report by the Silicon Valley–based Kleiner Perkins Caufield & Byers and Mary Meeker, a respected authority on the Internet.
But the nation's growth has consequences, Andreasson said. Industry experts said that awareness of online security concerns has failed to keep pace with connectivity. More Indonesians are online than ever before, but few understand the dangers that lie on the other side of the digital divide.
“All of a sudden Indonesia is at the point in the development where people are seeing the number of Internet users rise rapidly,” he said. “But the downside is that people are not aware of the security implications.”
Despite a proliferation of Internet connections, bandwidth speeds in Indonesia remain among the slowest in Southeast Asia. Indonesia ranked 149th globally, above Papua New Guinea and Myanmar, but below everyone else in the region, according to an October report of bandwidth speeds compiled by Net Index. The proliferation of cheap USB flash drives helps Indonesians cope with sluggish connection speeds, but the devices, coupled with lax security, also spread malicious software.
Official estimates place the number of computers in Indonesia infected with malware at less than 5 percent, according to IGN Mantra, the head of the Indonesia Academic CSIRT. But a survey of pirated Microsoft Windows software in Southeast Asia found malware on 63 percent of DVDs and computers running bootleg Windows OS, according to Microsoft Indonesia.
The combination of new Internet users and low awareness of security threats makes Indonesia ideal for exploitation by foreign hackers, Andreasson said. Local computers can be infected by malware or remote-controlling botnets and then be harnessed by hackers abroad to launch cyber attacks elsewhere.
"Hackers don't care where computers are located," Andreasson said. "They look for the weakest links around the world. Indonesia suffers from... lax enforcement and little security awareness among users.
"Thus, we have seen the number of malware attacks increase significantly and they will probably continue to do so until there is greater awareness of the problem, at which point law enforcement strengthens and people install anti-virus software and are taught not to click on links in suspicious e-mails."
Akamai suspected a similar issue in its report, but was unable to determine whether the attacks originating in Indonesia were launched by hackers elsewhere in the world. The company hosts as much as 30 percent of the global Internet on its servers and tracks attempts to access hidden "honeypot" systems — a sign of an attempted attack. It can't track whether the source computer is infected with a virus, said David Belson, the author of the report.
"Unfortunately, I don’t have any additional insight into what is causing this," Belson said. "We don’t have a way to see if the attackers are truly located elsewhere, and just launching attacks from compromised systems in Indonesia, nor do our honeypot systems provide us insight into the payload of the connection attempts, which would enable us to see what these attacks targeting ports 80 & 443 are requesting – a signature, if you will."
Indonesian officials believe the sudden surge in cyber attacks is likely the result of an outside party.
Chinese hackers are renowned worldwide for their skills, IGN Mantra said. He doubted the nation's burgeoning hacker community has reached a similar level of sophistication in less than a year.
"I am not sure [if] the ability of the Indonesian society is very high," he said. "[I doubt it] may exceed the skill of China. I think IP-IP is being used by another party using IP [in] Indonesia."
But as the Indonesian government grapples with the unprecedented surge in cyber attacks and considers forming military units to combat the perceived threat, it seems certain that it is not a problem that is going to go away.
“Our struggle is to fight for humanity in whatever way we can,” Rio told the Jakarta Globe. “The virtual world is our way.”