jpnn.com, JAKARTA - Cyber security expert Pratama Persadha said the data of National Police personnel was allegedly leaked and distributed for free on online forums.
He said it was known from an upload by Twitter account @son1x777, which had also defaced the website of the National Cyber and Crypto Agency (BSSN).
ALSO SEE: Habib Rizieq Detained in Prison Basement, Police Confirm
According to Pratama, the data was uploaded on Wednesday (17/11) afternoon by the same account as the alleged BSSN website hacker.
In the upload, he said, a link was also provided to download samples, which allegedly contained police personnel databases.
ALSO SEE: Listyo Removes Six Police Chiefs, One Regional Police Officer
According to him, two databases were provided with the same size, namely 10.27 MB, with the first file named polrileak.txt and the second polri.sql.
"The file contains a lot of important personal data of police personnel, for example name, NRP, rank, place and date of birth, working unit, position, address, religion, blood type, ethnicity, email, and even phone number. This is clearly dangerous," Pratama said in a written statement, Thursday (11/18).
ALSO SEE: Police Post in Aceh Shot by Unknown Person
The chairman of the Communication and Information System Security Research Center (CISSReC) added that there were also data columns for rehabilitation decision, rehabilitation trial verdict, type of violation, rehabilitation information, punishment finished, and so on.
He said the data was possibly leaked by police personnel.
"Most likely, this attack is a form of hacktivist, seeking reputation in the community while introducing the hacking team," said Pratama.
Previously, he said, the police had also been hacked several times, including a deface and theft of the personnel database.
Until now, he continued, the police personnel data is still being sold on internet forum RaidForum through the account name "Stars12n". In the forum, sample data is also provided to be downloaded for free.
Pratama reminded the police that they must learn from the various hacking cases in order to further improve their security awareness and strengthen their systems.
"Low awareness of cyber security is one of the reasons why many government websites become victims of hacking," he said.
According to Pratama, this can be seen from the budget and management of the information system.
In some institutions, human resources, infrastructure, and budget for cyber security are minimal, with little attention from people in charge.
In contrast, technology companies usually have a director in charge of technology and cyber security, and even then, they can still be hacked.
"In the country, there are efforts for improvement, for example through the formation of CSIRT (Computer Security Incident Response Team). The CSIRT coordinates a lot with the BSSN when a hack occurs," he added.
An example of a weak cybersecurity management system was in the case of the Ministry of Health's eHAC, where the Ministry of Health's IT team did not respond to reports of data leaks twice.
Only after a report was submitted to the BSSN, within two days, the eHAC system was taken down. This should have been done in a matter of hours.
He hoped that the Personal Data Protection Law (UU PDP) could provide early warning to state and private institutions.
"If from the beginning they do not treat personal data properly, when there is a leak due to hacking, they should be sued for compensation of tens of billions of rupiah," he said. (boy/mcr20/jpnn)
This news has been broadcast on JPNN.com with the title: Data Personel Polri Diduga Bocor dan Dibagikan Gratis, Pratama: Ini Berbahaya