By Kompas Editor
A Kompas investigation has revealed how the websites of government agencies are easily subject to cyberattacks. This poses a threat to the security of personal data of citizens.
A vulnerability assessment and tracking of hackers’ activity in Indonesia by the Kompas team have discovered how government websites are easily hacked. The bitter fact was displayed by the hacking of the National Cyber and Encryption Agency (BSSN) some time ago.
In the vulnerability assessment of 30 government websites, only three were not found to be vulnerable. The other 27 websites were found to have various levels of vulnerability, categorized as critical, high, medium or low.
The Kompas team also traced the validity of data from the Kotz account, which claims to possess 270 million personal data points of Indonesian citizens originating from the Social Security Agency (BPJS). After contacting Kotz, the team sent two resident identification numbers (NIK) for checking.
Kotz responded by supplying the residents’ data – full names, addresses, religions, dates of birth, blood types, salaries for three years (2017-2019) and card numbers for the Health Care and Social Security Agency (BPJS Kesehatan). The card numbers supplied by Kotz were identical to the numbers printed on the BPJS Kesehatan cards of the NIK owners. (Kompas, 29/10/2021)
There are several causes of the vulnerability of government websites, and sadly, they are mostly trivial. First, many websites lack strong passwords. This happens because the majority of website personnel discount the importance of passwords. Unsurprisingly, many passwords for government websites are easily guessed, as they stay close to letters or words related to the institutions’ names. By simply guessing passwords, hackers may find it easy to access the websites, even within seconds.
The other reason is that the majority of website personnel are not competent staff members, so the effort to strengthen website security has not become a priority. This problem results from the random or unselective recruitment of employees in charge of websites. The impression that “what matters is the presence of personnel in charge” makes the websites of government agencies vulnerable in terms of security.
The empirical problem of website management is worsened by the debate on the personal data protection bill (RUU PDP), which is still in limbo at the House of Representatives. This means that the legal umbrella for the protection of citizens’ personal data is still far from being realized. This situation risks perpetuating the hacking of government websites, which ends in the spread or sale of citizens’ personal data.
In a digital era like today, in which websites have become the locomotive of information and where the public can access many things about government agencies, the time has come for the government to prioritize the security and protection of citizens’ personal data. What happens if government websites are hacked and their data is sold? The RUU PDP should be quickly finalized, especially as it was proposed by the government, while the urgency of institutional website management must be made widely understood.