Cybersecurity incident in Indonesia: the PDN(S) incident
Summary
TLDRBudhar discusses the recent ransomware attack on Indonesia's National Data Center, possibly due to a variant of LockBit called 'Brain Chipper.' The incident on June 20th disrupted immigration servers and affected government services hosted by the center, causing inconvenience and raising concerns about Indonesia's cybersecurity. Budhar, who runs a cybersecurity company and teaches incident response, seeks to understand the scale of the issue and the lessons to be learned from it.
Takeaways
- π The speaker, Budhar, is currently in Shanghai and is posting a video on a secondary channel due to issues with two-factor authentication on his main channel.
- π» Budhar discusses a recent incident involving Indonesia's National Data Center (PDN), which was reportedly attacked by a variant of the Locky ransomware called 'Brain Chipper'.
- π The incident is believed to have occurred on June 20th, causing issues with the Indonesian immigration server and affecting the integrated services at the airports.
- π The disruption led to the inability to access applications necessary for electronic gate operations, which are part of the virtual machines hosted by the PDN.
- π’ The PDN is hosted by a company called Talom Sigma, which also hosts other companies' services, indicating the widespread impact of the attack.
- π The ransomware attack targeted the main virtual machine, causing a denial of service for all dependent Indonesian government organizations.
- π Despite having a disaster recovery center, the PDN's backup site was not operational for an unknown reason, exacerbating the situation.
- π¨ Several services were disrupted, and it took several days for some to be restored, highlighting the severity of the incident.
- π€ Budhar expresses confusion over how the incident occurred and the lack of public information, which limits understanding of the situation.
- ποΈ As a professional in cybersecurity and an educator, Budhar feels the need to understand the incident to learn lessons and improve response strategies.
- π Budhar compares Indonesia's cybersecurity situation to other countries, noting that the scale of impact is significantly larger due to the country's large population.
Q & A
What is the main topic discussed in Budhar's video transcript?
-The main topic discussed in the video transcript is the ransomware attack on the National Data Center in Indonesia, also known as Pat Data National, and its impact on various services.
Why is Budhar unable to access his normal channel?
-Budhar is unable to access his normal channel due to a two-factor authentication issue that he cannot resolve while traveling.
What was the ransomware variant involved in the attack on the National Data Center?
-The ransomware variant involved in the attack is mentioned as something similar to Locky, possibly called 'brain chipper,' though Budhar is not entirely sure of the exact name.
When did the incident with the Indonesian immigration server occur?
-The incident with the Indonesian immigration server occurred on the 20th of June.
What was the immediate impact of the ransomware attack on the Indonesian immigration server?
-The immediate impact was that the applications and integrated services required for electronic gates at the airports could not be accessed, causing disruptions in immigration processes.
Who is hosting the Pat Data National's data center?
-The data center is hosted by a company referred to as 'talom talcom Sigma,' which is likely a misspelling or mispronunciation of the actual company name.
What other services were affected besides the Indonesian government's?
-Besides the government services, other companies hosted in the same data center were also affected, although the specific companies are not mentioned.
What is the role of the Pat Data National in hosting services?
-The Pat Data National is responsible for hosting more than 200 government services, indicating its critical role in the country's digital infrastructure.
Does Budhar have any information about the disaster recovery center's status?
-Budhar is unsure about the status of the disaster recovery center, as he mentions that it might not be working for some unknown reason.
What is Budhar's professional interest in this incident?
-Budhar is interested in the incident as he runs an Indonesia computer emergency response team, a cybersecurity company, and teaches incident handling at a university, making it crucial for him to understand and learn from this incident.
How does Budhar view the cybersecurity situation in Indonesia compared to other countries?
-Budhar views the cybersecurity situation in Indonesia as similar to other countries, with the main difference being the scale of impact due to Indonesia's large population and internet user base.
What is Budhar's final note on the situation?
-Budhar's final note is that while the incident is a big disaster, it has not created a significant economic disruption in Indonesia, although it has caused inconvenience.
Outlines
π Ransomware Attack on Indonesia's National Data Center
Budhar discusses a recent ransomware incident at Indonesia's National Data Center, known as Pat Data National, which affected the Indonesian immigration server on June 20th. The attack, possibly involving a variant of Locky called 'brain chipper,' led to inaccessibility of applications and services at airports, causing a significant disruption. The data center, hosted by Talom Sigma in Suaya, supports not only government services but also other companies. The scale of the impact is substantial due to the number of services hosted, which exceeds 200. Budhar mentions a potential issue with the disaster recovery center, which may not be functioning correctly. The incident is a cause for concern for Budhar, who is involved in cybersecurity and incident response, and he is seeking to understand and learn from this event.
π Reflections on Indonesia's Cybersecurity Situation
In the second paragraph, Budhar addresses the state of cybersecurity in Indonesia, comparing it to other countries but emphasizing the unique challenges posed by Indonesia's large internet-using population, which is over 200 million. He suggests that while the situation is not unique to Indonesia, the scale of any incident can be significantly larger due to the country's size. Budhar mentions that while the recent ransomware attack is a disaster, it has not caused a major economic disruption, though it has inconvenienced many. He expresses his intention to continue updating on the situation and ends with well-wishes for his audience, reminding them to stay safe and healthy.
Mindmap
Keywords
π‘Changi
π‘Two-Factor Authentication
π‘National Data Center
π‘Ransomware
π‘Locky
π‘Indonesian Immigration Server
π‘Virtual Machines
π‘Hypervisor
π‘Denial of Service
π‘Disaster Recovery Center
π‘Cybersecurity
π‘Incident Response
Highlights
Budhar is currently in Shanghai and is unable to access his usual channel due to two-factor authentication complications.
A new channel was created for Budhar's travel session.
The National Data Center (PDN) in Indonesia experienced a significant incident involving ransomware, possibly a variant of LockBit called 'Brain Chipper'.
The incident occurred on June 20th, affecting the Indonesian immigration server and integrated services.
Servers are part of virtual machines hosted by PDN, which is temporarily located in Suaya by Talom Sigma.
Many services, not just government-related, are hosted in the data center, indicating a broad impact.
The hyper-visor of the main virtual machine was compromised, affecting all government organization virtual machines.
The incident led to a denial of service attack, causing significant disruption.
PDN hosts more than 200 government services, and the incident affected many of them.
A disaster recovery center (DRC) exists, but it was not operational for unknown reasons during the incident.
Several services were disrupted for several days, with some now operational but still experiencing issues.
Budhar is seeking to understand the incident's cause for professional reasons, as he runs an incident response team and a cybersecurity company.
The security situation in Indonesia is comparable to other countries, with scale being the main difference due to the large population.
The scale of the incident's impact is significantly larger due to Indonesia's large internet user base.
Budhar emphasizes that while the incident is a disaster, it has not caused a significant economic disruption in Indonesia.
The main issue is the inconvenience caused to the public, rather than economic impact.
Budhar plans to update on the situation as time and resources allow, currently posting from Changi Airport.
Transcripts
00:01good morning this is budhar from
00:04bu uh on the root version I'm doing it
00:09I'm doing this while I'm in shangi
00:13actually so um this is one of those
00:17things that I have to uh post my video
00:21on my other channel actually Channel
00:23that I created just for this uh
00:26traveling session because I could not
00:28access my normal Channel because there's
00:32uh some kind of uh two Factor
00:36authentication that I need to do which I
00:39could not
00:40do complicated anyway so I'm here at uh
00:43Changi and people ask me uh about the uh
00:48the National Data Center the Fiasco in
00:51Indonesia Pat data National the national
00:56centralized data center so PDF uh was
01:00recently um attack or there was an
01:04incident um to our pad dat National or
01:09data
01:10center um uh to cut to cut the story
01:13short um uh I think it was because of a
01:18ransomware uh it's kind of a variations
01:21of lock bit I think called brain chipper
01:25or something like that I'm not really
01:26sure because I I'm still on my way back
01:28to Indonesia
01:30um I've been away
01:32for almost a week actually more than a
01:35week uh B to shansen yesterday so anyway
01:38going back to the the
01:40story how did it happen I think it
01:43happened on the 20th of June um there
01:47was an issue with uh Indonesian
01:49immigration server and uh they could not
01:52access the applications they could not
01:54access the uh the the uh integrated G uh
01:57Services you know one of those things
01:59that you have to go through the uh gate
02:01without going uh to get uh to electronic
02:04gate without going through um the normal
02:07conventional custom um the application
02:10um did not work so they investigated and
02:13they found out that their servers could
02:15not be uh they uh could not be accessed
02:18from um from the the airports um now
02:22these servers are part of virtual
02:25machines that are hosted by the uh Pat
02:28data National so that's that and
02:30apparently the pat dat national uh Sara
02:34Sara is it's kind of a crazy is s means
02:39temporar it is hosted in
02:42suaya by uh talom talcom Sigma I believe
02:48uh so they are the one who holding uh
02:49handling the the uh the data center and
02:53in this data center actually there are
02:55many services not just the government uh
02:57data center but they are hosting other
02:59uh companies and company other companies
03:01are are well except for this one um so I
03:05don't know what happened um but mainly
03:09the the I can say I guess the
03:14hyper hypervisor kind of the main
03:17virtual machine was got hit by the uh
03:20ransomware and all the virtual machines
03:23on top of that which are being used by
03:25Indonesian uh government uh
03:28organizations
03:30are basically collaps or dead or
03:33unaccessible or we can call it the
03:35denial of selfish
03:37attack because of that this is a big
03:40issue because of the uh scale of of of
03:45of this now U the pat data uh National
03:49the
03:50pdns uh is actually hosting more than
03:53200 uh
03:56comans uh so uh basically uh they're
03:59hosting all government services and they
04:02do have a a disaster recovery center I
04:05believe a backup site but for some
04:08reason it's not
04:10working I don't know whether the uh the
04:12DRC side also got hacked by this
04:14ransomware I'm I'm not sure um since I'm
04:18I'm I'm find I'm trying to find out the
04:20information but all the informations
04:22that I got are mainly from the internet
04:25on me from uh friends or uh chat groups
04:29so that's that's that's the story uh the
04:33service uh several Services got uh
04:37disrupted and I believe it took uh them
04:41for several days and some of the
04:43services are already up uh although
04:46there are issues now here's the thing
04:50that I don't understand is the the kind
04:54of how did this happen I don't know uh
04:57how that uh happened and probably the
05:00information is limited so it's not for
05:03public consumption so that's why we
05:05don't know anything about that but uh
05:07for my professional side I I need to
05:09find out what what it is because I'm
05:12also running Indonesia computer
05:14emergency response them and I also
05:15running a cyber security company and I'm
05:18also teaching
05:20incident uh response incident handling
05:24secure operation and incident handling
05:26at the University so I need to find out
05:29because there has to be a lesson a
05:31lesson or lessons learned from uh this
05:36incident so uh now uh questions um that
05:40many people ask me is that uh what is
05:44the the state or the situation of cyber
05:47security or the security situation in
05:49Indonesia in my opinion it is the same
05:52as other countries uh except that the
05:54scale is different what do you mean by
05:57scale you can imagine like the
05:59population of Indonesia on the internet
06:02I believe it's more than 200 millions
06:05and if you can see the population of
06:07other countries uh not not just the
06:10internet users in other countries but
06:11the population of other countries say
06:13Singapore probably only 5 million or 7
06:16Millions I'm not sure um Malaysia 75
06:20Millions I think so Millions is is
06:22actually a a very large number so if
06:26there is an issue uh or if there is a
06:30problem then the scale is probably 20 to
06:3350 times bigger than uh other countries
06:36because of the this the scale is what's
06:39What's um killing us uh other than that
06:42actually it's the same uh many countries
06:44got hit by
06:46ransomware I'm not trying to don'tplay
06:48this though but uh this is just the the
06:52uh the the situation of what it is okay
06:56so U uh what I'm trying to say here here
06:59is that uh it's not a big disaster big
07:03it is a big disaster but the scale is is
07:07we still uh uh don't know but it's not
07:10creating like a big hoopla in
07:13Indonesia um they're just many talks but
07:17in terms of economy I don't think
07:18there's a A disruption although
07:21convenience is the one that got us very
07:25bad anyway so so that's that I'm going
07:29to update if I have the time uh and
07:31resources to do I'm still on my way
07:35so and this I'm posting this from uh
07:38Changi Airport okay stay safe stay
07:42healthy and have a good one
Browse More Related Video
FULL Dialog - Mantan Hacker Bicara Soal Data Nasional "Down"
More about PDNS incident 2024 (The Indonesia National Data Center)
Teknologi Sebenarnya di Balik Peretasan Pusat Data Kominfo (Enkripsi Data)
Jawaban Menkominfo terkait Peretasan Data Pusat Data Nasional | Narasi Daily
Special report: Major computer outages occur worldwide
Blue Screen of Death(BSOD) | CrowdStrikeβs Mistake: Inside the Microsoft Outage |Must Watch
5.0 / 5 (0 votes)