PDN Paralyzed for More than a Week, Government Reveals Random Use of "Passwords" as Reason (2024)

English›PDN Paralyzed for More than a ...

The Coordinating Minister for Political, Legal and Security Affairs revealed that the use of "passwords" was a loophole that caused PDN to be attacked by "ransomware".

JAKARTA, KOMPAS — The government has found the cause of the ransomware attack on the National Data Center or PDN which has been taking place more than one week. Careless use of passwords or passwords is suspected to be an opening for cyber attacks that cause PDN to be paralyzed. Not only will the government process legal proceedings for users who carelessly use passwords, the government will also monitor all user agencies through the National Cyber ​​and Crypto Agency.

"From the forensic results, we can find out which user always uses the password and ultimately these very serious problems occur," said the Coordinating Minister for Political, Legal Affairs, and Security (Coordinating Minister for Political, Legal and Security Affairs) Hadi Tjahjanto after chairing a ministerial level coordination meeting to discuss the replacement of Temporary PDN 2 which was attacked by ransomware at the Office of the Coordinating Ministry for Political, Legal and Security Affairs, Jakarta, Monday (1/7/2024).

The closed meeting lasting more than 1.5 hours was attended by the Minister of Communication and Information (Menkominfo) Budi Arie Setiadi, Head of the National Cyber ​​and Crypto Agency (BSSN) Hinsa Siburian, Director Main PT Telkom Ririek Adriansyah, as well as a number of representatives from related ministries/institutions.

Also read: PDN Hacked by "Ransomware", Cyber ​​Security Should Not Be Underestimated

Hadi explained that the results of the forensic audit found a loophole that caused PDN Temporary 2 to be attacked by ransomware LockBit 3.0. The loophole in question is the careless use of passwords.

The government has also found out who the random password user is. Therefore, the government will take legal steps in accordance with applicable regulations.

"Therefore, law enforcement by BSSN, by law enforcement officials, can be carried out in accordance with applicable regulations," said Hadi.

In the future, continued Hadi, the government will issue a circular to PDN managers to be more careful, not to use passwords carelessly. "We appeal to users that later we will give a circular so that the use of this password must be careful, not haphazard, and will be monitored by BSSN," he said.

The Ministry of Communication and Information uses third party cloud data center facilities for temporary PDN while the Ministry of Communication and Information's PDN is being built. PT Telkom Indonesia Tbk is the third party for PDN Temporary 2 located in Surabaya. This temporary PDN is supported by two data center facilities located in Tangerang (Banten) and Surabaya (East Java), as well as a data recovery center (DRC) cold backup or backup which is carried out when the system is offline. or off.

We urge users that later we will give a circular so that the use of password must be careful, not careless, and will be monitored by BSSN.

After giving a press statement for approximately 5 minutes, Hadi immediately left the location. Hadi did not answer various questions from journalists including explanations regarding whether there was negligence and who the user in question was which resulted in the ransomware attack on PDN Temporary 2.

Separately, when confirmed regarding the forensic results and negligence that resulted in the ransomware attack on BSSN Head Hinsa Siburian, he did not comment. He only stated that everything had been conveyed by Hadi Tjahjanto.

"One door, yes," said Hinsa Siburian as she left the office of the Coordinating Ministry for Political, Legal and Security Affairs in an official car.

July target to recover

On the same occasion, Hadi said, the government is targeting public services affected by the ransomware attack on the Temporary National Data Center 2 in Surabaya to return to normal by July 2024. The government also asked agencies or tenants< /i> which uses the PDN system to have its own recovery backup data and will increase PDNS in Batam as a data recovery center or data recovery center (DRC).

There are 239 government agencies, from central to regional, affected by the LockBit 3.0 ransomware attack on PDN Temporary 2 Surabaya. Only 43 agencies were not affected because the main data was stored in Temporary PDN 1 South Tangerang and Temporary PDN 3 Batam.

"From the results of the coordination meeting, I can conclude that for services using Temporary PDN 2, we can carry out services actively in July 2024 and be backed up by the cold site in Batam by increasing "its ability to become a special website for strategic services," said Hadi.

Also read: PDN Hacked by "Ransomware", Cyber ​​Security Should Not Be Underestimated

Hadi also asked all agencies to back up their data to anticipate if similar attacks were to occur. This backup data recovery system has restored fast service to normal, as experienced by immigration services.

”Every tenant or ministry must also have a backup, this is mandatory, not optional any more. "So if operationally there is a problem with PDNS, there will still be backups, namely at the coldsite in Batam," said Hadi.

Apart from that, Hadi also said that he would activate the Computer Security Incident Response Team (CSIRE) which would be monitored by BSSN. BSSN will also improve cybersecurity. Moreover, President Jokowi has asked the Coordinating Ministry for Political, Legal and Security Affairs to review presidential regulations related to cyber operationalization to facilitate command and control if problems occur.

"And of course, we can also receive orders from the President to review presidential regulations, presidential instructions related to cyber operations, including BSSN, BSSN and its hierarchy, so that later the command and control will be easy in the event of problems," said Hadi.