Jakarta, Gizmologi – Cybersecurity researcher, also known as DarkTracer, revealed that 10,000 websites were infected with the stealer malware. It is even suspected that hundreds of thousands of credential data originating from Indonesian websites have been accessed and leaked.
Several Indonesian government websites are said to be infected with malware, including (djponline.pajak.go.id), Pre-Employment Card (dashboard.prakerja.go.id), Ministry of Education and Culture (ssp.datadik.kemendikbud.go.id), BKN (ssc List. bkn.go.id), the Ministry of Finance (spanint.kemenkeu.go.id), the Ministry of Religion, to the Ministry of Manpower (tka-online.kemnaker.go.id).
“1,753,669 credentials from more than 49 thousand government sites have been leaked from users infected with the Stealer malware,” wrote the @darktracer_int account as quoted by Gizmologi, Friday (4/3/2022).
DarkTracer said that as many as 40,629 users in Indonesia were infected with Stealer, such as Redline, Raccoon, and Vidar. Meanwhile, 502,581 credentials accessed to the .id domain were leaked and distributed to dark sites.
DGT Malware Infected Makes sure Taxpayer Data is Safe
Stealer Malware Intelligence Report – Government
1,753,658 credentials of 49K+ government sites have been leaked from users infected with Stealer malware.
*The users may include government users or public users of gov public services*
— Fusion Intelligence Center @ DarkTracer (@darktracer_int) March 2, 2022
In response to this, the Ministry of Finance’s Directorate General of Taxes (DGT) ensures that the data they manage is safe. This answers the alleged leak of hundreds of thousands of credential data accessed via the web in Indonesia.
“Based on our investigation, DGT’s website is ensured to be safe and accessible as usual,” said Director of Extension, Services and Public Relations of DGT Neilmaldrin Noor in a written statement, Friday (4/3/2022).
According to him, the alleged data leak came from a user’s device that was infected with malware. Then the data is taken and used to enter the government site.
Therefore, he suggested that users of the tax.go.id website and taxpayers periodically change their passwords with stronger and more secure combinations so that they are not easily hacked. In addition, he advised taxpayers to install the latest anti-virus on their respective devices to avoid malware infection.
“For the sake of our security, we urge users and all taxpayers to immediately change the password to login on the tax.go.id website with a stronger password and then change it periodically. In addition, make sure that the antivirus that is installed is the most up-to-date,” he explained.
Tech Minister Prepares Personal Data Regulation
On the other hand, the Ministry of Communication and Informatics (Kemkominfo) of the Republic of Indonesia continues to work on the Personal Data Protection Bill (RUU) to be finalized this year, after being delayed for almost two years.
“We at the Government Working Committee and the DPR are trying our best so that the law can be completed this year,” said Kominfo spokesman, Dedy Permadi in a webinar, some time ago.
Regulations regarding the protection of personal data are becoming increasingly important because one of the main issues in the G20 Digital Economy Working Group (DEWG) is the reliable flow of cross-border data. Kominfo was appointed to be the supervisor in this working group. This international forum is expected to result in an agreement on the governance of cross-country data flows.
The Personal Data Protection Law will also strengthen regulations on data, which so far are still scattered in various sectors. Even though there is no primary regulation for the protection of personal data, Dedy reminded that so far the protection of data is still running according to the existing rules.
The rules that currently contain the protection of personal data include Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Information and Electronic Transactions, aka the ITE Law and Government Regulation Number 71 of 2019 concerning the Implementation of Electronic Systems and Transactions. . In the Kominfo sector, there is also a Ministerial Regulation relating to the management of personal data, namely Permenkominfo Number 5 of 2020 concerning Private Scope Electronic System Operators.
“When there is a data leak incident, Kominfo can make various efforts according to the rules, such as investigations to giving sanctions to electronic system operators who are proven to have violated,” said Dedy.
The Indonesian version of this article can be read in Gizmologi.ID