Jakarta, IO – The General Election Commission (KPU) has once again been attacked by hackers. An anonymous villain, going by the name “Jimbo,” claims to have successfully infiltrated the kpu.go.id website and obtained voter data from the site, as also claimed by hacker Bjorka in 2022, when they scooped up data on 105 million voters from the KPU website.
This time, “Jimbo” shared 500 thousand examples of sample data in one of his posts on BreachForums, a platform used to trade hacked information, along with several screenshots from cekdptonline.kpu.go.id/, to verify data authenticity. In his post, Jimbo admitted that out of the 252 million data points, some are duplicated. There are 204,807,203 “extraordinary” data units, a nearly identical number to the total number of voters in the Permanent Voter List (DPT) of the KPU, at 204,807,222 voters from 514 districts and cities in Indonesia and 128 representative countries.
Extraordinary – as the data contains essential personal details, such as NIK (National Identification Number), Family Card Number (No. KK), ID card number (including passport number for voters residing overseas), full name, gender, date of birth, place of birth, marital status, complete address, RT (residential association), RW (residential block), village code, sub-district, district, and polling station code. The Cissrec team has also attempted to verify Jimbo’s shared data through the cekdpt website and proven the match, including the polling station number where voters are registered. Jimbo is offering the data for a $74,000 ransom, nearly equivalent to IDR 1.2 billion.
Another shared screenshot image shows a page from the KPU website that appears to be the user dashboard page. The screenshot indicates that Jimbo probably gained login access with the KPU Admin role from the sidalih.kpu.go.id domain by phishing, social engineering, or malware manipulation. Access allowed Jimbo to download voter data and other information. CISSREC previously issued an alert to the Chairman of KPU, regarding vulnerabilities in the KPU system, on June 7, 2023.
Read: The Absence Of A Minimum Wage Framework
If Jimbo obtained credentials through an admin role, this would severely jeopardize the upcoming election, as the admin account could manipulate vote tally results, damaging the democratic process and potentially triggering a national disturbance. The KPU needs to have its security system and servers audited and undergo forensic analysis to identify all vulnerable spots.
The KPU has not officially responded to the leaked voter data on the breach forum platform. While conducting the investigation, it is suggested that the KPU IT team change all accounts’ usernames and passwords to those with access to the KPU system. At least this would prevent the credentials from being reused by Jimbo or other hackers.