Cybersecurity incident in Indonesia: the PDN(S) incident
Summary
TLDR: Budhar discusses the recent ransomware attack on Indonesia's National Data Center, possibly due to a variant of LockBit called 'Brain Chipper.' The incident on June 20th disrupted immigration servers and affected government services hosted by the center, causing inconvenience and raising concerns about Indonesia's cybersecurity. Budhar, who runs a cybersecurity company and teaches incident response, seeks to understand the scale of the issue and the lessons to be learned from it.
Takeaways
- 🌐 The speaker, Budhar, is currently in Shanghai and is posting a video on a secondary channel due to issues with two-factor authentication on his main channel.
- 💻 Budhar discusses a recent incident involving Indonesia's National Data Center (PDN), which was reportedly attacked by a variant of the Locky ransomware called 'Brain Chipper'.
- 📅 The incident is believed to have occurred on June 20th, causing issues with the Indonesian immigration server and affecting the integrated services at the airports.
- 🛂 The disruption led to the inability to access applications necessary for electronic gate operations, which are part of the virtual machines hosted by the PDN.
- 🏢 The PDN is hosted by a company called Talom Sigma, which also hosts other companies' services, indicating the widespread impact of the attack.
- 🔒 The ransomware attack targeted the main virtual machine, causing a denial of service for all dependent Indonesian government organizations.
- 🔄 Despite having a disaster recovery center, the PDN's backup site was not operational for an unknown reason, exacerbating the situation.
- 🚨 Several services were disrupted, and it took several days for some to be restored, highlighting the severity of the incident.
- 🤔 Budhar expresses confusion over how the incident occurred and the lack of public information, which limits understanding of the situation.
- 🏛️ As a professional in cybersecurity and an educator, Budhar feels the need to understand the incident to learn lessons and improve response strategies.
- 🌍 Budhar compares Indonesia's cybersecurity situation to other countries, noting that the scale of impact is significantly larger due to the country's large population.
Q & A
What is the main topic discussed in Budhar's video transcript?
- The main topic discussed in the video transcript is the ransomware attack on the National Data Center in Indonesia, also known as Pat Data National, and its impact on various services.
Why is Budhar unable to access his normal channel?
- Budhar is unable to access his normal channel due to a two-factor authentication issue that he cannot resolve while traveling.
What was the ransomware variant involved in the attack on the National Data Center?
- The ransomware variant involved in the attack is mentioned as something similar to Locky, possibly called 'brain chipper,' though Budhar is not entirely sure of the exact name.
When did the incident with the Indonesian immigration server occur?
- The incident with the Indonesian immigration server occurred on the 20th of June.
What was the immediate impact of the ransomware attack on the Indonesian immigration server?
- The immediate impact was that the applications and integrated services required for electronic gates at the airports could not be accessed, causing disruptions in immigration processes.
Who is hosting the Pat Data National's data center?
- The data center is hosted by a company referred to as 'talom talcom Sigma,' which is likely a misspelling or mispronunciation of the actual company name.
What other services were affected besides the Indonesian government's?
- Besides the government services, other companies hosted in the same data center were also affected, although the specific companies are not mentioned.
What is the role of the Pat Data National in hosting services?
- The Pat Data National is responsible for hosting more than 200 government services, indicating its critical role in the country's digital infrastructure.
Does Budhar have any information about the disaster recovery center's status?
- Budhar is unsure about the status of the disaster recovery center, as he mentions that it might not be working for some unknown reason.
What is Budhar's professional interest in this incident?
- Budhar is interested in the incident as he runs an Indonesia computer emergency response team, a cybersecurity company, and teaches incident handling at a university, making it crucial for him to understand and learn from this incident.
How does Budhar view the cybersecurity situation in Indonesia compared to other countries?
- Budhar views the cybersecurity situation in Indonesia as similar to other countries, with the main difference being the scale of impact due to Indonesia's large population and internet user base.
What is Budhar's final note on the situation?
- Budhar's final note is that while the incident is a big disaster, it has not created a significant economic disruption in Indonesia, although it has caused inconvenience.
Outlines
😕 Ransomware Attack on Indonesia's National Data Center
Budhar discusses a recent ransomware incident at Indonesia's National Data Center, known as Pat Data National, which affected the Indonesian immigration server on June 20th. The attack, possibly involving a variant of Locky called 'brain chipper,' led to inaccessibility of applications and services at airports, causing a significant disruption. The data center, hosted by Talom Sigma in Suaya, supports not only government services but also other companies. The scale of the impact is substantial due to the number of services hosted, which exceeds 200. Budhar mentions a potential issue with the disaster recovery center, which may not be functioning correctly. The incident is a cause for concern for Budhar, who is involved in cybersecurity and incident response, and he is seeking to understand and learn from this event.
🌐 Reflections on Indonesia's Cybersecurity Situation
In the second paragraph, Budhar addresses the state of cybersecurity in Indonesia, comparing it to other countries but emphasizing the unique challenges posed by Indonesia's large internet-using population, which is over 200 million. He suggests that while the situation is not unique to Indonesia, the scale of any incident can be significantly larger due to the country's size. Budhar mentions that while the recent ransomware attack is a disaster, it has not caused a major economic disruption, though it has inconvenienced many. He expresses his intention to continue updating on the situation and ends with well-wishes for his audience, reminding them to stay safe and healthy.
Keywords
💡Changi
💡Two-Factor Authentication
💡National Data Center
💡Ransomware
💡Locky
💡Indonesian Immigration Server
💡Virtual Machines
💡Hypervisor
💡Denial of Service
💡Disaster Recovery Center
💡Cybersecurity
💡Incident Response
Highlights
Budhar is currently in Shanghai and is unable to access his usual channel due to two-factor authentication complications.
A new channel was created for Budhar's travel session.
The National Data Center (PDN) in Indonesia experienced a significant incident involving ransomware, possibly a variant of LockBit called 'Brain Chipper'.
The incident occurred on June 20th, affecting the Indonesian immigration server and integrated services.
Servers are part of virtual machines hosted by PDN, which is temporarily located in Suaya by Talom Sigma.
Many services, not just government-related, are hosted in the data center, indicating a broad impact.
The hypervisor of the main virtual machine was compromised, affecting all government organization virtual machines.
The incident led to a denial of service attack, causing significant disruption.
PDN hosts more than 200 government services, and the incident affected many of them.
A disaster recovery center (DRC) exists, but it was not operational for unknown reasons during the incident.
Several services were disrupted for several days, with some now operational but still experiencing issues.
Budhar is seeking to understand the incident's cause for professional reasons, as he runs an incident response team and a cybersecurity company.
The security situation in Indonesia is comparable to other countries, with scale being the main difference due to the large population.
The scale of the incident's impact is significantly larger due to Indonesia's large internet user base.
Budhar emphasizes that while the incident is a disaster, it has not caused a significant economic disruption in Indonesia.
The main issue is the inconvenience caused to the public, rather than economic impact.
Budhar plans to update on the situation as time and resources allow, currently posting from Changi Airport.
Transcripts
good morning this is budhar from
bu uh on the root version I'm doing it
I'm doing this while I'm in Changi
actually so um this is one of those
things that I have to uh post my video
on my other channel actually Channel
that I created just for this uh
traveling session because I could not
access my normal Channel because there's
uh some kind of uh two Factor
authentication that I need to do which I
could not
do complicated anyway so I'm here at uh
Changi and people ask me uh about the uh
the National Data Center the Fiasco in
Indonesia Pat data National the national
centralized data center so PDF uh was
recently um attack or there was an
incident um to our pad dat National or
data
center um uh to cut to cut the story
short um uh I think it was because of a
ransomware uh it's kind of a variations
of lock bit I think called brain chipper
or something like that I'm not really
sure because I I'm still on my way back
to Indonesia
um I've been away
for almost a week actually more than a
week uh B to shansen yesterday so anyway
going back to the the
story how did it happen I think it
happened on the 20th of June um there
was an issue with uh Indonesian
immigration server and uh they could not
access the applications they could not
access the uh the the uh integrated G uh
Services you know one of those things
that you have to go through the uh gate
without going uh to get uh to electronic
gate without going through um the normal
conventional custom um the application
um did not work so they investigated and
they found out that their servers could
not be uh they uh could not be accessed
from um from the the airports um now
these servers are part of virtual
machines that are hosted by the uh Pat
data National so that's that and
apparently the pat dat national uh Sara
Sara is it's kind of a crazy is s means
temporar it is hosted in
suaya by uh talom talcom Sigma I believe
uh so they are the one who holding uh
handling the the uh the data center and
in this data center actually there are
many services not just the government uh
data center but they are hosting other
uh companies and company other companies
are are well except for this one um so I
don't know what happened um but mainly
the the I can say I guess the
hyper hypervisor kind of the main
virtual machine was got hit by the uh
ransomware and all the virtual machines
on top of that which are being used by
Indonesian uh government uh
organizations
are basically collapsed or dead or
inaccessible or we can call it the
denial of service
attack because of that this is a big
issue because of the uh scale of of of
of this now U the pat data uh National
the
pdns uh is actually hosting more than
200 uh
comans uh so uh basically uh they're
hosting all government services and they
do have a a disaster recovery center I
believe a backup site but for some
reason it's not
working I don't know whether the uh the
DRC side also got hacked by this
ransomware I'm I'm not sure um since I'm
I'm I'm find I'm trying to find out the
information but all the informations
that I got are mainly from the internet
on me from uh friends or uh chat groups
so that's that's that's the story uh the
service uh several Services got uh
disrupted and I believe it took uh them
for several days and some of the
services are already up uh although
there are issues now here's the thing
that I don't understand is the the kind
of how did this happen I don't know uh
how that uh happened and probably the
information is limited so it's not for
public consumption so that's why we
don't know anything about that but uh
for my professional side I I need to
find out what what it is because I'm
also running Indonesia computer
emergency response team and I also
running a cyber security company and I'm
also teaching
incident uh response incident handling
secure operation and incident handling
at the University so I need to find out
because there has to be a lesson a
lesson or lessons learned from uh this
incident so uh now uh questions um that
many people ask me is that uh what is
the the state or the situation of cyber
security or the security situation in
Indonesia in my opinion it is the same
as other countries uh except that the
scale is different what do you mean by
scale you can imagine like the
population of Indonesia on the internet
I believe it's more than 200 millions
and if you can see the population of
other countries uh not not just the
internet users in other countries but
the population of other countries say
Singapore probably only 5 million or 7
Millions I'm not sure um Malaysia 75
Millions I think so Millions is is
actually a a very large number so if
there is an issue uh or if there is a
problem then the scale is probably 20 to
50 times bigger than uh other countries
because of the this the scale is what's
What's um killing us uh other than that
actually it's the same uh many countries
got hit by
ransomware I'm not trying to downplay
this though but uh this is just the the
uh the the situation of what it is okay
so U uh what I'm trying to say here here
is that uh it's not a big disaster big
it is a big disaster but the scale is is
we still uh uh don't know but it's not
creating like a big hoopla in
Indonesia um they're just many talks but
in terms of economy I don't think
there's a A disruption although
convenience is the one that got us very
bad anyway so so that's that I'm going
to update if I have the time uh and
resources to do I'm still on my way
so and this I'm posting this from uh
Changi Airport okay stay safe stay
healthy and have a good one