Hackers Involved in Crimes in 44 Countries were Self-Taught
Hackers can learn how to hack numerous systems and websites all over the world. They can also enhance their skills through numerous communities and online discussion groups.
By
·4 minutes read
JAKARTA, KOMPAS – Hacking remains a serious threat, including in Indonesia. Hackers can learn how to hack numerous systems and websites all over the world. They can also enhance their skills through numerous communities and online discussion groups.
As previously reported, the police arrested three members of the Surabaya Black Hat (SBH) group identified as AN, 21; ATP, 21 and KRS, 21, for allegedly hacking 3,000 websites and electronic systems in 44 countries. The police said the three suspects, who were college students, allegedly asked for “ransom money” to fix the hacked systems. Despite knowing each other and going to the same college, the three suspects worked on their own.
ATP, who met with Kompas at the Jakarta Police headquarters on Thursday, said his aim was to expose the weaknesses of the systems that he hacked. He added that he never explicitly asked for money.
“Some system owners refused to pay and wanted to fix the problem on their own. Some failed and asked me to fix their hacked systems. Some asked me to hack their systems again,” ATP said.
He added that he chose his targets randomly. Of the 100 hacked systems, between 5 and 10 percent responded or were willing to pay. ATP said he received Rp 40 million (US$2,920) a year from his victims. “I learned how to hack on my own three years ago. I didn’t learn this in college.”
AN said he hacked systems and websites to find weaknesses and improve upon them. He chose his targets randomly based on Google ranks or deliberately attacked websites with tight security. In order to hack websites, you only needed coding skills (understanding programming codes or languages) and a laptop, he added.
“I used the money to fix the systems I hacked. I never threatened my victims. Some even thanked me for improving their systems,” said AN who was once an SBH member.
The SBH is a discussion forum covering information technology, hacking, software development and coding. It also discussed the recent phenomenon of spreading hoaxes. The community, which holds discussions through the Telegram application, has about 800 members.
Lacking defense
Jakarta Police special crimes investigation director Sr. Comr. Adi Deriyan and unit IV head of cybercrimes sub-directorate Comr. Fian Yunus said Indonesia lacked a proper cyber defense. This was despite the prevalence of hoaxes and pornography on Indonesian websites. Both said Indonesia should look at South Korea with its strong cyber defense, which countered cyber attacks from North Korea.
“No system is perfectly secure. It is only a matter of time until a system is hacked. Therefore, system owners must always update or patch their systems to fix the weaknesses,” Fian said.
According to him, communities like the SBH have both positive and negative sides. In the wrong hands, hacking skills can be dangerous. Furthermore, these skills can be easily and freely obtained from the internet. Communities like the SBH exist in a number of cities, including Jakarta and Bandung.
“One company is hacked and then asked to hand over $2,000. Through negotiations, the ransom is reduced to $800. Sometimes, it is not the company that pays the ransom but employees using personal money as they are afraid of being fired,” Fian said.
Digital forensic expert Ruby Alamsyah said the name “black hat” was common globally. The name was not necessarily negative. Ruby himself has been active in a United States-based black hat community since 2009. “Just let the police handle the case. Let them find out whether the suspects did the hacking on their own or on behalf of the SBH. Most likely it was on their own. They may be SBH members, but they abused their skills and then the police arrested them,” he explained.
Richardus Eko Indrajit, a professor of computer science and information and communication technology at the Perbanas Institute, said the government had shown that cyber security was among its priorities through the establishment of the National Cyber and Encryption Agency (BSSN). The government must also be serious about enforcing the cybercrime law, he added.
“BSSN is only beginning its duties. It must help reduce cybercrimes and other agencies must work together in ensuring cyber security,” Eko said.
He added that millions of hacking attempts based on various motives occurred every day all over the world. It was the duty of all organizations to ensure the implementation of a proper information security management system Eko said.